Letter from the Editor 


May 2000 


Dear AppNotes Reader: 


Welcome to the May 2000 issue of Novell AppNotes. By the time you read this, our new Web site will be “live” 
and ready for you to use. This redesign has been in the works for quite some time, and we think we’ve made 
some big improvements based on reader feedback and the usability testing we did at BrainShare in Salt Lake 
City (thanks again to those who participated in this). Our main goals in this redesign were to provide you with 
more of the information you want in a more timely manner, and to make it easier to navigate the site and find 
what you need. Here’s a quick tour of what is available on our new site. I invite you to visit 
www.novell.com/research and check it out for yourself. 


The main focus of the site remains our feature articles, and the latest articles from both AppNotes and Developer 
Notes are now accessible directly from our home page. To supplement these full-length articles, we have added a 
number of sections that contain more focused information on various topics of interest to our target audience. 


The Viewpoints section contains our opinion columns. These include a column by yours truly that I call 
“Ramblings,” in which I share my personal insights on what is happening in the industry. Networking veteran 
Roger White contributes “White Noise,” a unique look at the technologies and terminologies that are shaping 
the future of networking. 


In Reviews and Events, Senior Editor Thom Duncan offers “Web Sight,” a continuation of our “From the Web” 
section published every month in NetNotes. Thom also carries on with his popular “In Review” section from the 
NetNotes. Finally, we provide an up-to-date listing of industry events you need to know about in our “Events” area. 


Our Net Management section is, as the name suggests, geared towards those who manage networks. It 
includes the “Beyond the Basics” series from our resident network guru, Ed Liebing. Nancy McLain provides 
insights into the intricacies of directory technology in “Directory Primer.” For those of you who are relatively 
new to networking, Mark McKell walks you through the fundamentals in “Network Novice.” And those who 
are looking for quick network management ideas will want to check out the “Tips & Tricks” area. 


In our Net Support section, guest columnist Neil Cashell checks in with “Network Troubleshooter” to help 
you better identify, isolate, and resolve network problems. This section also includes the popular “Dear 
Ab-end” column as well as a new section on recently-posted Technical Information Documents (TIDs), aptly 
named “TIDbits.” 


Last, but not least, is the Code Break section which is devoted to developers (but I think a lot of 
non-programmers will find this useful information, too). Richard Smith, Dean of DeveloperNet University, 
contributes a developer’s eye look at issues and events of concern to programmers in “#Include.” And our 
own Larry Morris keeps you up to speed on the latest developments in development technologies in 
“Developer Scene”. 


This site, like most others on the Web, is a work in progress. As we move forward, you will no doubt see even 
more changes. You can help us continue to meet your needs by providing feedback on what works for you 
and what doesn’t. I hope you will take the time to do that! 


Until next time, 


Gamal B. Herbon 
Editor-in-Chief 
Standardizing Network Server 
Configurations with Server 
Policies in ZENworks for Servers 


The shift of the industrial economy of the past to the information economy of 
today has fueled exponential growth of not only the global information 
infrastructure, but also of the information infrastructures of the individual 
organizations and enterprises that make up today’s marketplace. As both 
traditional and e-businesses become more dependent on vital, up-to-the-second 
information, these information networks expand, forcing organizations to spend 
more time and effort on ensuring the continued operation of their networks and 
key components. In organizations with more than a handful of network servers, 
network administrators spend inordinate amounts of time configuring and 
maintaining servers so they will be able to continually deliver the most current 
information into the hands of employees. In many cases, basic maintenance and 
configuration operations on such network servers must be performed in person, 
resulting in time wasted traveling to various branch offices. 


Novell’s ZENworks for Servers (ZFS) eliminates this waste of time by enabling 
administrators to manage and configure geographically dispersed network 
servers from a central location. It enables organizations to standardize the 
configuration of their network servers, creating policies that can be 
automatically applied to servers across the network. ZFS automates the 
deployment of server applications and services to targeted network servers, 
facilitating application updates and version consistency. ZFS also enables IT 
organizations to proactively manage servers in an effort to prevent problems 
before they impact user productivity and business operations. 


As a follow-up to “Improving Information Dissemination with ZENworks for 
Servers and Tiered Electronic Distribution” in the March 2000 issue, which 
covered Tiered Electronic Distribution and Server Software Packages, this 
AppNote describes ZFS Server Policies. 
Introduction to ZFS Server Policies 


Before launching into a detailed discussion of Server Policies, it might be 
helpful to briefly review ZENworks for Servers as a whole. ZENworks for 
Servers is a directory-enabled server management solution that leverages the 
power and flexibility of Novell Directory Services (NDS) to keep network 
services running and to effect change without disruption. It consists of three 
main components: 


• Server Policies 
• Tiered Electronic Distribution (TED) 
• Server Software Packages (SSPs) 


Server Policies enable organizations to standardize the configuration of all their 
network servers. Most organizations acquire their servers in piecemeal fashion, 
configuring each one individually as they are deployed. As a result, server 
configurations generally differ from department to department, and from site to 
site. With ZFS Server Policies, you can create, distribute, and consistently 
enforce across the network the rules that govern server activity. If someone 
changes a server configuration, you can schedule ZFS to automatically reset the 
configuration, guaranteeing that all network servers stay configured according 
to the established policy. 


TED streamlines software delivery by automating the distribution of 
information. Organizations can schedule when information is to be delivered to 
their servers. A special feature of ZFS enables organizations to deliver that 
information with minimum impact on wide area network (WAN) traffic. 


SSPs simplify server application distribution and installation. Organizations 
can assemble an application and its installation instructions so that when the 
package arrives on a server, it will install itself without further intervention. 
When a server application (NetWare Loadable Module) needs to be upgraded, 
organizations can create an SSP with the upgraded application, and then 
distribute and install it on all of their servers in a single operation. If the 
upgrade operation fails for some reason, ZFS can notify the appropriate 
network administrator. 


STANDARDIZING SERVER CONFIGURATIONS IN ZENWORKS FOR SERVERS 


By combining policy-based server management, server-to-server software 
distribution, and software installation, ZFS provides a three-pronged approach 
to server management that addresses critical IT needs: 


• It empowers IT departments to implement change control processes that 
  can minimize an organization’s down time and delays associated with 
  deploying new hardware, server software, service pack updates, and 
  network services. 
• It increases IT staff efficiency and effectiveness, in spite of continued 
  network growth. 
• It leverages existing directory structure and server platform investment. 
• It reduces redundant network management tasks through automation. 
• It improves end-user productivity through reduction in network disruptions 
  and problems. 


With its high degree of scalability and NDS integration, ZFS is a cost-effective 
way to manage enterprise servers individually or in groups, regardless of their 
location on the network. 


The Need for Server Policies 


The growth of today’s information economy has led to non-stop expansion in 
many organizations’ internal network infrastructures. As the number of network 
servers continues to rise within an organization, the ability to efficiently manage 
those servers grows more complex and difficult. In an effort to avoid potential 
network problems and to simplify troubleshooting efforts, excessive time and 
money is spent on standardizing the settings and configurations of all the 
servers spread throughout a large organization. Simple operations such as 
bringing a server down for maintenance can have costly repercussions when a 
network administrator fails to follow standard procedures to ensure that 
business critical operations are not being performed before downing the server. 


As a directory-based management solution, ZFS lets IT managers easily 
standardize server configurations and enforce server policies across the 
network enterprise to help keep business services running on the network 
without disruption. ZFS is a “set it and forget it” server management solution 
that centralizes and automates information distribution and server configuration 
throughout an enterprise network. Especially designed for organizations that 
need to distribute vital data quickly or according to a schedule, ZFS allows for 
automated data distribution from a central location so that administrators do not 
need to visit each server individually. 


ZFS lets IT managers enforce policies for all the network servers under their 
responsibility in any way that they see fit. ZFS gives IT managers the 
flexibility to enforce policies at the enterprise, branch office, or departmental 
levels by allowing policies to be associated by server, group of servers, or 
organizational units (OUs). IT managers also have the flexibility of exercising 
granular control over the entire enterprise’s policies, or implementing general 
policies for the corporation and then allowing local network administrators to set 
policies specific to their group’s particular needs. 


Benefits of Server Policies 


ZFS enables IT managers to use the power of NDS to standardize the 
configuration of servers in their NDS tree. Rather than simply hoping IT teams 
will adhere to established server configuration guidelines, IT managers can 
simply implement a policy with ZFS and know that it will be automatically 
carried out enterprise-wide. 


ZFS greatly facilitates IT managers’ ability to maintain and enforce standard 
configuration settings for their network servers. Server Policies can also 
function as proactive measures to help prevent inadvertent network disasters. 
Bringing a server down for maintenance in the middle of an important slide 
show being presented to investors by the organization’s CEO or while payroll is 
generating paychecks for the month can have serious repercussions to both the 
livelihood of the business and to the culpable administrator. ZFS server policies 
can help avoid such catastrophes by setting a policy to cancel a DOWN 
command if a particular user is logged on or if a designated process is running. 


ZFS policies provide additional capabilities, including being able to ensure that 
certain procedures take place when a server shuts down, that servers will shut 
down and restart according to a determined schedule, that a specified custom 
script will execute on specified servers, or that new configuration parameters 
will be deployed globally. 


Technical Overview 


ZFS Server Policies simplify the configuration and management of servers 
across the network. Server Policies let IT managers and network administrators 
regulate the configuration properties of servers, as well as dictate how the 
servers should behave in certain situations. As an NDS-based policy 
management system for servers, ZFS provides a unifying view of the whole 
network, leveraging the NDS security scheme and enabling organizations to 
manage the relationships between their network devices and users. The 
combination of NDS and ZFS allows IT managers to securely create policies and 
apply them to servers throughout their information network. Without NDS and 
ZFS, IT managers would have to maintain several parallel management 
infrastructures, which would require manual updates to each server whenever a 
change was made. 


ZFS Server Policies are divided into three groups, referred to as policy packages: 


• Server Packages 
• Service Location Packages 
• Container Packages 


These policy packages are logically segmented to simplify the process of 
establishing enterprise-wide network server policies. These packages will be 
explained in more detail under the “Policy Package Descriptions” heading. 


Changes Made to the NDS Schema 


When ZFS is installed, the installation program extends the schema of the NDS 
tree to incorporate support for ZFS’s Server Policies. The schema extensions 
add properties to existing NDS objects and add several new NDS objects: 


• Policy Package Object. This is a container object that holds the Server 
  Package, the Service Location Package, and the Container Package. 
• Server Package Object. This is a container object that holds the Server Down 
  Process, Scheduled Down, NetWare SET Parameters, Scheduled Load/Unload, 
  Server Scripts, Text File Changes, ZENworks for Servers, and 
  SNMP Trap Target Refresh policies. 
• Service Location Package Object. This is a container object that holds policies 
  for SMTP Host, SNMP Trap Targets, and the ZENworks Database. 
• Container Package Object. This is a container object that holds the Search 
  Policy for ZFS. 
• ZENworks Database Object. This is a leaf object that defines the location of 
  the ZENworks database that ZFS components use for reporting purposes. 
  Multiple Database objects can exist in a tree, but there can only be one 
  per server. 
Server Policy Architecture 


The ZFS installation program installs a set of policy enforcers on each 
ZFS-enabled server. Each policy enforcer corresponds to one of the 
policies contained in the Server Policy Package. ZFS relies on a piece of code 
referred to as the ZFS Facilitator to dynamically find these policy enforcers on 
servers spread throughout the network and then utilizes a Policy Manager to 
marry these policy enforcers with the actual policies set in NDS. Basically, the 
Facilitator finds all the servers’ policy enforcers that match enabled policies, and 
then schedules those policies to run at the appropriate times on those servers 
(see Figure 1). 


Figure 1: The ZFS Facilitator matches 
NDS policy extensions to ZFS policy 
enforcers found on network servers. 
Policy Features 


ZENworks for Servers enables IT managers to set policies that not only increase 
overall network administration productivity, but minimize network down time. 
In total, ZFS lets organizations take advantage of fifteen different policies, 
including the following: 


• Server Down Process. This policy specifies what processes will be followed 
  when a server or servers are brought down and what conditions must be met 
  before the server(s) will actually shut down. 
• Scheduled Down. This policy schedules when a server or set of servers 
  should go down, and whether the server(s) should automatically come 
  back up. 
• Text File Changes. This policy automates system-wide changes to server text 
  files (AUTOEXEC.NCF, STARTUP.NCF, and so on). 
• NetWare Set Parameters. This policy maintains standard sets of configuration 
  parameters for an enterprise’s network servers. 
• Scheduled Load/Unload. This policy specifies the order in which NLM and 
  Java class processes will load and unload. 
• Server Scripts. This policy automates the execution of custom scripts on 
  network servers distributed throughout the enterprise. 
• SNMP Trap Targets. This policy sets SNMP trap targets for associated 
  NDS objects. 
• ZENworks for Servers. This policy establishes the configuration parameters 
  for ZFS to be used by servers on an individual, group, or OU level. 


Policy Associations 


ZFS provides IT groups significant flexibility in deploying policies to their 
network servers. Policies can be associated to individual servers, server groups, 
or OUs according to the needs or design of the IT organization. This enables IT 
managers to have one set of policies for database servers, another set for Web 
servers, one for file and print servers, and so on. If desired, general sets of 
policies can be created that apply to all servers or a subset of servers. IT 
managers can determine for themselves the best way to establish and deploy 
policies for the network servers in their charge. 


Policy Schedules 


ZFS allows IT managers to schedule when and how they want specific policies 
to be implemented. This enables ZFS to automatically perform routine server 
management tasks on a schedule or in response to an event, such as server 
startup. Policies can be scheduled to run daily, weekly, monthly, yearly, at a 
specific time, at intervals of time, when certain events occur, immediately, or at 
a time relative to when that policy is refreshed. 
Policy Package Descriptions 




Server Policies are applied to servers in the NDS tree through the means of 
policy packages. Policy packages are groupings of policies that ZFS provides to 
make it easier for IT managers and administrators to apply and schedule policies. 


After ConsoleOne is used to create the Policy Package Object, any of ZFS’s 
three policy packages can be created to implement ZFS Server Policies: 


• The Server Package contains a generic set of policies that can be applied to a 
  set of ZFS-enabled servers. 
• The Service Location Package contains policies specific to running ZFS, such 
  as those that relate to SNMP and database services. 
• The Container Package holds the container search policies, which determine 
  how ZFS manages the policies within NDS. 


Multiple policy packages can be created for an NDS tree. Each package can be 
customized for a specific server or groups of servers. To customize a policy 
package, an IT manager can enable any or all of the predefined policies 
contained in the policy package. The IT manager can then set its run schedule 
(immediately, daily, monthly, yearly, and so on) or rely on the policy’s default 
schedule. Once the policy package is configured, it must be associated with a 
server, a group of servers, or an NDS container. 


Server Package Policies 


Policies contained in the Server Package are those that directly affect network 
server operations and settings. 


Server Down Policy. The Server Down Policy establishes the steps a 
server will take before it shuts down, whether it is being brought down by 
someone at the console or as a result of a scheduled down. The Server Down 
policy allows IT managers to enforce specific procedures to automatically occur 
before a server actually goes down. Implementing this policy can avoid 
disruptive and often costly effects associated with network servers being shut 
down improperly. 


Some of the features of this policy include the following: 


• Establish time delay before server goes down 
• Disable user login 
• Send customized broadcast to logged in users 
• Send e-mail notification that the server down process has initiated 
• Set time before users will be disconnected from server 
• Cancel server down process under specified conditions (open files, running 
  processes, user connections, and so on) 
• Specify unload order of server processes 
• Assign other servers to monitor server restart and send SNMP alert if restart 
  does not occur 




When a DOWN command is issued, the actual shutdown process will be put on 
hold in accordance with the delay time set within this policy. This can be set to 
give users ample time to save their data, exit their applications, and log out. To 
facilitate this process, a customized broadcast message can be sent to all logged 
in users, giving them notification that the server will be going down in a 
specified number of minutes. IT managers can also specify in the policy how 
often this broadcast message should repeat. 


Additionally, the policy can be set to automatically notify specific individuals via 
e-mail that a shutdown command has been issued at that server. If for some 
reason this server is not actually supposed to shut down, this notification 
enables IT managers to be contacted in time to stop the process before the 
server actually goes down. An IT manager can cancel the server down process 
from a network workstation running ConsoleOne, or from any Web browser 
that can authenticate to the network. 


The policy can also stipulate that the server down process will be cancelled if 
specified files are open, specific NLMs are running, a certain number of users 
are logged in, or specified users are logged in. This feature helps ensure that 
the server will not be brought down if critical operations are in progress, such as 
check printing for the company payroll or a server backup. This feature can also 
be useful if you don’t want the server to go down while the company CEO or 
other individuals are logged in. 


Other features of this policy include the ability to indicate the unload sequence 
of applications running on the servers, as well as the ability to disable users 
from logging in while the server is preparing to go down. Additionally, under 
this policy other servers can be assigned to watch for the downed server to 
come back up. If the downed server does not restart in a specified amount of 
time, an SNMP alert can be generated, notifying administrators that there may 
be a problem with the server. 


Scheduled Down. The Scheduled Down policy enables IT managers to 
have certain servers automatically shut down, restart, or reset at a specific time. 
This can be useful in situations such as planned backups, where an 
administrator wants to make sure that not only all users are logged off, but that 
the server is in a “clean” state before the backup occurs. 


Text File Changes. The Text File Changes policy provides IT managers 
an enormous amount of power and flexibility in making global changes to 
their network server settings that happen to be stored in text files such as 
AUTOEXEC.NCF or STARTUP.NCF. With this policy, the IT manager can 
edit any text file stored on a network server. For example, if it is determined 
that additional memory should be allocated to certain network server LAN 
adapters, this policy can be used to search for a substring in the 
AUTOEXEC.NCF file that contains the “Load” command followed by the LAN 
adapter’s driver name. Whenever the server finds this instance, it can either 
replace that line or string with a new command string, or simply append the 
desired memory attributes to the end of that line. 
This policy provides IT managers a wide variety of methods to choose from in 
implementing these text file changes. Searches can be based on substrings, 
whole words, an entire line, or the end or beginning of a line. It also lets you 
prepend a line with a specified string, create new text files, and delete text files. 


The policy also provides a choice of sixteen different ways to replace the found 
text, including replacing a string, word, line; appending or prepending lines; 
adding lines before or after; deleting words, strings, lines; deleting every line 
before or after the found text, and so on. 
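
The search-and-change behavior described above can be sketched as follows. This is an added example, not ZFS code: the function names, the sample AUTOEXEC.NCF content, the driver name CE100B, and the appended EXAMPLE_PARAM=64 string are all constructed for illustration, and case-insensitive matching is an assumption of the sketch. It implements five of the search types and four of the change actions, and makes the append action safe to re-run on a schedule.

```python
import re

# Constructed sample AUTOEXEC.NCF. The driver name CE100B and every
# parameter value are illustrative and do not come from the article.
SAMPLE_AUTOEXEC = """\
FILE SERVER NAME ADMIN1
LOAD CE100B SLOT=2 FRAME=ETHERNET_II NAME=LAN1
BIND IP TO LAN1 ADDR=10.0.0.5
load ce100b slot=3 frame=ETHERNET_II name=LAN2
MOUNT ALL
"""

# Search type -> regex template wrapped around the escaped search text.
MATCH_TYPES = {
    "substring": "{s}",
    "whole_word": r"(?<!\S){s}(?!\S)",
    "entire_line": r"^\s*{s}\s*$",
    "start_of_line": r"^\s*{s}",
    "end_of_line": r"{s}\s*$",
}


def compile_search(search, match):
    """Build a case-insensitive pattern for one of the search types."""
    if match not in MATCH_TYPES:
        raise ValueError(f"unknown match type: {match}")
    template = MATCH_TYPES[match]
    return re.compile(template.format(s=re.escape(search)), re.IGNORECASE)


def apply_change(text, search, match, action, new_text=""):
    """Apply one rule to file content; return (new_content, lines_changed)."""
    pattern = compile_search(search, match)
    out, changed = [], 0
    for line in text.splitlines():
        if not pattern.search(line):
            out.append(line)
            continue
        if action == "append_to_line":
            # Idempotence guard: a rule that runs on a schedule must not
            # keep growing a line that already ends with the new text.
            if line.rstrip().upper().endswith(new_text.upper()):
                new_line = line
            else:
                new_line = f"{line.rstrip()} {new_text}"
        elif action == "replace_string":
            new_line = pattern.sub(lambda _m: new_text, line)
        elif action == "replace_line":
            new_line = new_text
        elif action == "delete_line":
            new_line = None
        else:
            raise ValueError(f"unknown action: {action}")
        if new_line != line:
            changed += 1
        if new_line is not None:
            out.append(new_line)
    return "\n".join(out) + "\n", changed


if __name__ == "__main__":
    # The article's scenario: find the LOAD line for a LAN driver and
    # append attributes to the end of that line.
    rule = ("LOAD CE100B", "substring", "append_to_line", "EXAMPLE_PARAM=64")
    first, n_first = apply_change(SAMPLE_AUTOEXEC, *rule)
    second, n_second = apply_change(first, *rule)
    print(first)
    print(f"first run changed {n_first} lines, second run changed {n_second}")
```

Counting changed lines per run gives a simple drift signal: a non-zero count on a later scheduled run means someone edited the file after the previous run.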


NetWare Set Parameters. The Set Parameters policy facilitates the 
process of standardizing the configuration properties of all servers in an 
enterprise network. With this policy, IT managers can create a model server to 
act as a frame of reference for all servers in the network. Once this “golden” 
server is established, ZFS queries and captures all or part of its server settings. 
These settings can then serve as a modifiable template that can be used for and 
automatically deployed to every server, or to a cross-section of servers in the 
enterprise. To ensure that these settings remain in force, they can be scheduled 
to run periodically or be refreshed so that if changes are inadvertently made to 
the server, it can be reset to the correct settings. 


Scheduled Load/Unload. ZFS enables NLMs or Java processes to be 
automatically loaded or unloaded according to a specified time, frequency, or 
date. This policy can also be used to immediately load or unload these server 
processes, enabling administrators to free up system resources for certain 
activities or ensure that a certain process is loaded or unloaded before initiating 
scheduled server operations. 


Server Scripts. Server Scripts provide IT managers with a tremendous 
amount of power and flexibility in enabling certain server operations to occur 
system wide according to a specified schedule. The ZFS Server Scripts policy 
inherently supports Perl, NetBasic, and NetWare (.NCF files) scripts, but it also 
accommodates other scripting languages by providing support via the “Run” 
command. This policy provides increased capability when combined with the 
Scheduled Load/Unload policy, as in the example of unloading any required 
server processes before running an automated script to back up a server. 


Furthermore, Server Scripts give IT organizations virtually unlimited ability to 
create their own custom policies and server operations, while taking advantage 
of NDS and ZFS’s security, scheduling, administrative, and policy distribution 
scheme. For example, a script could be written to purge server volumes. Since 
this script can be scheduled to run on any or all of a network’s servers, it 
becomes, in essence, a new policy for that network. By leveraging Server 
Scripts in this fashion, IT managers can literally create as many new policies as 
they want, extending the power of ZFS to fit their unique requirements. 
Service Location Package 


Server Policies call the policies within the Service Location Package every time 
an e-mail notification, SNMP alert, or report event needs to be generated. 


SMTP Host. The SMTP Host Policy sets the IP address of the relay host that 
processes outbound Internet e-mail. This policy must be in effect to use e-mail 
notification options in ZFS’s Distributor, Subscriber, Proxy, and Policy objects. 


SNMP Trap Targets. The policy for SNMP Trap Targets functions as the 
name implies. It sets SNMP trap targets for associated NDS objects. Both this 
policy and the SNMP Trap Target Refresh policy are used to provide support for 
SNMP management. 


ZFS Database. From within the Service Location Package the ZENworks 
Database policy can be enabled to allow ZFS to log information in a Sybase 
database. The database policy enables ZFS’s reporting capabilities in order to 
assist IT managers with the task of managing server policies and server-to-server 
distributions. The information stored in the database is used to generate reports 
on the success or failure of policy enforcement and software distribution. 


ZFS provides the following canned reports for Server Policies: 


• Discovered Policies 
• Down Policies 
• Failed Policies 
• Successful Policies 
• Unenforceable Policies 


Container Package (Search Policies) 


The Container Package holds ZFS’s Search policies. The Search policies allow 
each ZFS-enabled server to search NDS for its associated policies. The Search 
policy tells the server where to look in the NDS tree for these policies, as well as 
to what extent it should keep looking for a policy before it gives up. The Search 
policy can search a maximum of 25 levels in either direction from the defined 
originating point. 


The Search policy helps ensure that all servers are running the correct and 
most recently established policies. As new policies are introduced, the Search 
policy lets the network servers automatically discover the new policies and 
implement them according to their individual schedules. If no search policy is 
defined, ZFS uses the default, which is to search from the parent container to 
the root every hour. 
Refresh Interval. The Refresh Interval determines how often a server will 
search NDS for its associated policies. Configuring a policy, or making changes to 
a policy’s configuration, does not immediately place it in effect. The policy engine 
must refresh the policies to activate the latest configuration. This is an essential 
attribute, especially for those instances where a local administrator mistakenly 
changes a server’s settings contrary to the established policies. With the Refresh 
Interval set appropriately, the policy engine can search for the server’s associated 
policies so the server can refresh or reset back to the correct settings. 


Overriding Policies. The search order defined by the Search policy can 
also determine how policies will override each other. For example, a policy 
package associated with a server would override a similar policy associated with 
the server’s parent container if the search order required it to search the server 
object before it searched the container object. This override would occur 
because the policies associated with the server object would be found before the 
policies associated with the container. However, if the policies happened to be 
cumulative rather than singular, both policies would run and no overriding 
would occur. 
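
The override rule in the paragraph above can be modeled in a few lines. This is an added sketch, not ZFS's own resolution code: the DirObject class, the object/group/container search order, the tree names (ACME, HQ, ADMIN1, IT) and the policy names are assumptions made for illustration, and treating Text File Changes as the cumulative type is likewise an assumption of the model. A singular policy type takes the first match on the search path, while a cumulative type collects every match.

```python
from dataclasses import dataclass, field
from typing import Optional

MAX_LEVELS = 25  # the article's stated limit for a Search policy
CUMULATIVE_TYPES = {"Text File Changes"}  # assumption of this model


@dataclass
class DirObject:
    """Hypothetical stand-in for a server, group, or container object."""
    name: str
    parent: Optional["DirObject"] = None
    groups: list = field(default_factory=list)
    policies: dict = field(default_factory=dict)  # policy type -> policy name


def search_path(server, order=("object", "group", "container"), levels=MAX_LEVELS):
    """List the objects a server consults, in search order."""
    path = []
    for kind in order:
        if kind == "object":
            path.append(server)
        elif kind == "group":
            path.extend(server.groups)
        elif kind == "container":
            # Walk from the parent container toward the root, bounded by
            # the configured number of levels.
            node, depth = server.parent, 0
            while node is not None and depth < min(levels, MAX_LEVELS):
                path.append(node)
                node, depth = node.parent, depth + 1
        else:
            raise ValueError(f"unknown search step: {kind}")
    return path


def effective_policies(server, order=("object", "group", "container"), levels=MAX_LEVELS):
    """Return {policy type: [(source object, policy name), ...]}."""
    result = {}
    for obj in search_path(server, order, levels):
        for ptype, pname in obj.policies.items():
            found = result.setdefault(ptype, [])
            # Singular types keep only the first hit (it overrides later
            # ones); cumulative types keep every hit in search order.
            if ptype in CUMULATIVE_TYPES or not found:
                found.append((obj.name, pname))
    return result


def build_sample():
    """Constructed tree: ACME (root) > HQ > ADMIN1, with ADMIN1 in group IT."""
    root = DirObject("ACME", policies={"NetWare Set Parameters": "Corp Baseline"})
    hq = DirObject("HQ", parent=root, policies={"Server Down Process": "HQ Down"})
    it_group = DirObject("IT", policies={"Text File Changes": "IT edits"})
    return DirObject(
        "ADMIN1",
        parent=hq,
        groups=[it_group],
        policies={
            "Server Down Process": "Local Down",
            "Text File Changes": "ADMIN1 edits",
        },
    )


if __name__ == "__main__":
    server = build_sample()
    for ptype, hits in effective_policies(server).items():
        print(ptype, "->", hits)
```

Reversing the search order in this model makes the container's Server Down Process win over the server's own, which is why the search order is worth reviewing whenever a local policy appears to be ignored.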


Plural Policies 


Some policies are plural, meaning that they can exist more than once in a policy 
package. Plural policies are useful for situations when you need to use the same 
type of policy in different ways and at different times. For example, you might 
have different Server Scripts that you need to run at different times on your 
servers. Or you might want to schedule your servers to restart at the end of 
each month, as well as on specified days such as holidays. 


Plural policies include: 


• Set Parameters 
• Scheduled Down 
• Run 
• Server Scripts 
• Scheduled Load/Unload 
• Text File Changes 


Plural policies should be assigned unique names such as “Monthly Scheduled 
Down” and “New Years Scheduled Down.” 
Cumulative Policies. Cumulative policies are a type of plural policy that 
allows multiples of the same policy type to be in effect when associated to an 
object, group, or container. For example, a Text File Changes policy associated 
with server ADMIN1 could be accumulated with a differently configured Text 
File Changes policy associated with server group IT. If server ADMIN1 happens 
to be a member of that server group, all of the text file changes from both 
policies would be effective for the ADMIN1 server. 


Cumulative policies will run at their lowest policy search level, and then rerun at 
the next level throughout the search path. This means that cumulative 
policies can be both additive and overriding. 


Conclusion 


ZENworks for Servers replaces reactive management of individual servers with 
proactive server-group management. ZFS eliminates time wasted on repetitive 
administrative tasks, allowing IT managers to focus on more important issues. 
ZFS’s “Set it and forget it” capabilities let IT departments create standard policy 
sets and then have them automatically deployed to network servers across their 
entire enterprise. Leveraging the power of the industry’s leading directory 
service, ZFS maximizes user productivity, reduces IT burdens, minimizes 
downtime, and lowers total cost of ownership. 


NDS eDirectory Design, Implementation, and Maintenance Guidelines 


The X.500 directory services standard that was created in 1988 had a great deal 
of promise, but yielded little in the way of practical application. Novell was one of 
the first companies to see the vision of what directory services were capable of, 
and in 1992 introduced the concept of using directory services in the corporate 
networking world. The solution that Novell delivered has since become the 
standard for managing enterprise networks: Novell Directory Services (NDS). 


Since its initial release eight years ago, NDS has continued to evolve to meet 
changing customer needs. NDS eDirectory is the latest evolution of NDS. Based 
on NDS v8 that was released in May of 1999, NDS eDirectory delivers a “Full 
Service Directory” that provides for flexible and extensible discovery, rich 
security tools, an extremely scalable storage engine, and the ability to manage 
relationships, whether they be internal or external to your organization. 


Over the years, many design documents have been created to address how 
NDS trees should be designed, implemented, and maintained. With the recent 
release of Novell’s new NDS eDirectory solution, there is a need for some 
updates in the area of design guidelines. This AppNote presents new design, 
implementation, and maintenance recommendations for NDS eDirectory, both 
for corporate networks and in the arena of Internet-based e-business and 
identity/profile management. 


This information is adapted from a document entitled “NDS eDirectory 
Design 2000”. This document, along with other information about NDS 
eDirectory, can be found on Novell’s NDS Web site at: 


http://www.novell.com/products/nds 


NDS eDirectory Design 


Many factors contribute to a properly designed NDS environment. Some are 
technological, while others are political or cultural. In all cases, however, there 
are certain design-related questions that need to be answered. These include: 


• How many trees should I create? 
• How large a tree can NDS eDirectory sustain? What does Novell recommend? 
• Where should I partition the tree? 
• Should I have few or many replicas of my partitions? 
• How will my design affect application usage? 


This section will answer these questions. 


Note: Throughout this document, the terms NDS and NDS eDirectory are used interchangeably. 
Unless otherwise noted, NDS eDirectory is the version of NDS that is being discussed. 
Care should be taken when applying these guidelines to previous versions of NDS. 


Number of Trees 


Since the release of NDS, Novell has been of the opinion that a single tree works 
best for the majority of organizations. After all, a directory service is designed to 
represent a particular organization, which is typically a single entity. Novell 
itself is a worldwide organization that spans the globe with a single NDS tree. 
The benefits of one tree include a single user identity on the network, simpler 
administration of security, and a single point of management. 


Note: This recommendation for a single tree for business use does not preclude creating 
additional trees for testing and development purposes. 


Some organizations may decide that they need to have multiple trees. For 
example, an organization that is made up of several autonomous business units 
may have a need to create more than one tree. Such a requirement may derive 
from legal needs or corporate cultural aspects when dealing with worldwide 
organizations. Lastly, there may be political or “authoritative” bounds within an 
organization that need to be respected to the point of having separate trees. 


While this AppNote deals mainly with how to design NDS eDirectory in 
single-tree environments, Novell is currently developing several integration 
solutions to aid its customers who need to have multiple trees. These solutions 
include DirXML and NDS Federation. 


Figure 1: DirXML synchronizes data from one tree to another. 


DirXML. DirXML is Novell’s solution for enterprise-wide directory 
integration. This allows for organizations with multiple NDS trees or other 
directories to synchronize data between them. Using the Extensible Markup 
Language (XML), administrators can create rules that dictate the business logic 
of how and what information should be shared between directories. 


Figure 1 demonstrates a user named “John” being synchronized between two 
NDS eDirectory trees. The new user John in the ACME_HQ tree can now be 
granted rights to resources in the new tree. The NDS-to-NDS driver that ships 
with DirXML even allows for passwords to be synchronized between trees in 
the form of RSA public/private keys. 


[Figure 1 diagram: trees ACME_JP (OU=Tokyo, OU=Osaka) and ACME_HQ (OU=Provo). DirXML synchronization creates a new CN to grant rights; CN=John appears in both trees.] 


DirXML is not limited to just synchronizing between NDS eDirectory trees. It 
can also integrate disparate directories such as Microsoft’s Active Directory, 
Netscape’s iPlanet Directory Service, Microsoft Exchange, and Lotus Notes. 
Third parties, ISVs, and internal developers can also create custom drivers 
using the Novell DirXML Driver Toolkit. 


For more information on DirXML, visit Novell’s NDS Web site at 
http://www.novell.com/products/nds. 


Figure 2: NDS Federation allows objects in one tree to be granted rights 
in another tree. 


NDS Federation. For those customers who do not want to synchronize data 
between trees but still want to grant users access to resources in another tree, 
Novell’s NDS federation solution will allow users in one tree to be granted 
access to resources in another (see Figure 2). 


[Figure 2 diagram: trees ACME_JP (OU=Tokyo, OU=Osaka) and ACME_HQ (OU=Provo, OU=DC). NDS Federation grants rights to objects in other trees without synchronization: an access control list names CN=John.OU=Tokyo.O=ACME.T=ACME_JP with rights [SBCDR].] 


NDS Tree Size 


In NDS eDirectory, tree size limitations are a thing of the past. While in 
previous versions of NDS it was common to be wary of tree size due to database 
scalability, NDS eDirectory has been tested to over 1 billion objects in a single 
tree, making it the most scalable directory service on the planet. The only 
limitations to tree size in NDS eDirectory are physical disk space and disk 
input/output speeds. 


Here is some information that will help you determine your disk size and 
memory requirements. A typical object in NDS eDirectory is 3 to 5 kilobytes 
(KB) in size. Using this number, you can quickly calculate disk space 
requirements for the number of objects you desire. It is important to realize that 
this is an estimate based on average NDS implementations. Your disk space 
needs may differ depending upon how many attributes are filled with data and 
what that data is. If objects will hold BLOB (binary large object) data such as 
pictures, sounds, or biometrics, the object size will grow accordingly. 


for Directory Information Base. To determine the size of your DIB Set, you can do the 
following: 


• For NetWare, download TOOLBOX.NLM from Novell’s Website. This will allow 
you to see the SYS:_NETWARE directory on your server. 
• For Windows NT, you can find the DIB Set at \NOVELL\NDS\DIBFiles. 
• For Sun Solaris, the DIB Set location may vary depending on the path you specified 
during the installation. 


Partition Boundaries 


One of the unique features of NDS is its ability to be segmented into smaller 
pieces called partitions, while still maintaining a single namespace. Over the 
years, Novell has recommended that these partition boundaries be created for 
two reasons: 


• To minimize traffic over WAN Links. A typical NDS tree design consists of 
top-level organizational units (OUs) representing the different geographic 
areas that the business operates in. This design permits organizations to 
segment the namespace into partitions at the geographic level. Subsequent 
partitions can then be placed on the appropriate servers in each location. It is 
crucial to note that this recommendation does not reflect any limitation of 
NDS, but is a design guideline to ensure that replication traffic between 
different sites does not unnecessarily consume precious WAN bandwidth. 


• To limit partition size. In previous versions of NDS, the size of the partition 
was another important consideration. Since the underlying database was not 
practical for large partitions of 10,000 or more objects, it was recommended 
that additional boundaries be created to limit the partition size. 


NDS eDirectory no longer has these limitations, due to its highly scalable 
backend. For NDS eDirectory, Novell recommends the following design limits 
for partitions: 


These rules generally apply to distributed environments such as corporate 
enterprises. They may not apply to eBusiness scenarios, as typical eBusiness 
uses require that all the data be stored on a single server. This is common in 
white page solutions and when using NDS to provide authentication and identity 
management over the Internet. In most cases, eBusiness systems will have a 
single partition with all the data within it, since everything needs to be on the 
same server. (See the “Replica Placement” section for additional information.) 


Novell’s next release of NDS eDirectory (code-named “Tao”) will allow for 
filtered replicas that can contain a subset of objects and attributes from different 
areas of the tree. This will solve the same eBusiness needs without requiring 
that all data be stored on the server. (See the “Application-Specific Design 
Issues” section for additional information.) 


Tree design will favorably or adversely affect your ability to create an effective 
partitioning strategy. You should always follow these rules: 


• Design the top of the tree based on the WAN infrastructure. 
• Design the bottom of the tree based on the organization of network resources. 
• Partition the top of the tree based on the WAN infrastructure. 
• Do not create a partition that spans your WAN infrastructure. (In other 
words, “Don’t span the WAN.”) 


Figure 3: NDS eDirectory corporate tree design example. 


Note: Even though eBusinesses need to have all the data on a single server, this does not 
negate the need to replicate the data for fault tolerance and load balancing. 


Figure 3 shows an example of how to follow these design rules in a corporate 
network environment. 


When designing a tree for eBusiness use, most of these rules are not needed. 
Since there is no real way for you to know where a particular user is coming in 
from over the Internet, the typical eBusiness deployment of NDS eDirectory 
involves storing all the data on a single server. With this type of design, you 
would have a relatively shallow and flat structure. 


Replica Placement 


The placement of replicas is extremely important for two reasons: accessibility 
and fault tolerance. As more and more data is stored in NDS, the value of NDS 
grows. From an accessibility standpoint, that data needs to be available as 
quickly as possible, and subsequently needs to be copied in several places to 
ensure accessibility and fault tolerance. 


The basic rules of NDS eDirectory replica placement are as follows: 


• Replicate locally first. Keep two to three replicas at the local site. In each 
case, there should be at least two local replicas of the local partition if 
possible. There is no need for more than three replicas unless you want to 
provide for accessibility of the data at other locations. This could also be 
done in eBusiness cases where the directory information is being accessed 
by countless numbers of users and you want to have multiple instances of 
the data for load balancing. 


• Keep the master replicas in central locations. It may seem logical to keep 
masters at the remote site. However, since master replicas are used for 
partition operations (such as creating a new partition or merging a partition), 
it is wise to keep them where the partition operation will occur. Novell 
recommends that operations such as partitioning be handled by one person 
or administrative body in a central location. This ensures that errors are not 
made that could have adverse effects on NDS operations. This methodology 
also provides for a central backup of the master replicas. 


Replicas should only be placed in non-local sites for three reasons: (1) to 
ensure fault tolerance if you are not able to have the recommended two or 
three local replicas, (2) to provide for accessibility, and (3) to provide for 
centralized management and storage of master replicas. This will help to 
ensure that replication traffic is controlled and limited over slow WAN links. 


If you are replicating the master replicas to a remote site or are forced to 
place replicas over the WAN for accessibility or fault tolerance purposes, be 
mindful of the bandwidth that will be used for replication. It is wise to utilize 
Novell’s WAN Manager (WANMAN) tool to control the replication of NDS 
eDirectory traffic over WAN links. 


Figure 4 demonstrates these basic rules of NDS eDirectory replica placement. 
In this example, notice that all masters are stored on a server named 
PRV-DSMSTR. It is a common practice in large environments to have a central 
master server that holds all the master replicas of your tree. 


Figure 4: NDS eDirectory basic replica placement. 
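

The replica placement rules above lend themselves to an automated check of a planned layout before replicas are created. The following is an added example, not a Novell tool: the site names and PRV-DSMSTR come from this article, while the other server names, the `purpose` field, and the finding codes are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Replica:
    server: str
    site: str
    master: bool = False
    purpose: str = ""   # documented reason for the replica (hypothetical field)


@dataclass
class Partition:
    name: str
    site: str                                   # site the partition serves
    replicas: list = field(default_factory=list)


def check_placement(partitions, central_site):
    """Return sorted (partition, code) findings for the placement rules."""
    findings = []
    for part in partitions:
        local = [r for r in part.replicas if r.site == part.site]
        masters = [r for r in part.replicas if r.master]

        # Each partition has exactly one master; keep it at the central site.
        if len(masters) != 1:
            findings.append((part.name, "MASTER_COUNT"))
        elif masters[0].site != central_site:
            findings.append((part.name, "MASTER_NOT_CENTRAL"))

        # Replicate locally first: two to three replicas at the local site.
        if len(local) < 2:
            findings.append((part.name, "FEWER_THAN_TWO_LOCAL"))
        elif len(local) > 3 and not any(r.purpose == "load balancing" for r in local):
            findings.append((part.name, "MORE_THAN_THREE_LOCAL"))

        # A non-local replica needs one of the three reasons the article lists.
        for r in part.replicas:
            if r.site == part.site:
                continue
            central_master = r.master and r.site == central_site
            fault_tolerance = len(local) < 2
            accessibility = r.purpose == "accessibility"
            if not (central_master or fault_tolerance or accessibility):
                findings.append((part.name, "UNJUSTIFIED_REMOTE:" + r.server))
    return sorted(findings)


# Constructed plan; only PRV-DSMSTR is a server name taken from the article.
PLAN = [
    Partition("OU=Provo", "Provo", [
        Replica("PRV-DSMSTR", "Provo", master=True),
        Replica("PRV-SRV1", "Provo"),
    ]),
    Partition("OU=DC", "DC", [
        Replica("PRV-DSMSTR", "Provo", master=True),
        Replica("DC-SRV1", "DC"),
        Replica("DC-SRV2", "DC"),
        Replica("TKO-SRV1", "Tokyo"),                  # no stated reason
    ]),
    Partition("OU=Tokyo", "Tokyo", [
        Replica("TKO-SRV1", "Tokyo", master=True),     # master kept at remote site
        Replica("PRV-SRV1", "Provo"),                  # stands in for a second local copy
    ]),
    Partition("OU=Osaka", "Osaka", [
        Replica("PRV-DSMSTR", "Provo", master=True),
        Replica("OSA-SRV1", "Osaka"),
        Replica("OSA-SRV2", "Osaka"),
        Replica("TKO-SRV1", "Tokyo", purpose="accessibility"),
    ]),
]

if __name__ == "__main__":
    for partition, code in check_placement(PLAN, central_site="Provo"):
        print(f"{partition}: {code}")
```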


Application-Specific Design Issues 


NDS eDirectory serves as a data store that many applications retrieve data 
from. Application needs may therefore affect some of the aspects of NDS 
eDirectory design, usually those dealing with partitioning and replication. 
Applications typically function better when all the data they will need is 
quickly available. This may affect your replication design, since you would 
have to take this into account. 


To help in this area, Novell is currently creating a new replica type known as the 
“filtered replica” (see Figure 5). This type of replica allows for an administrator 
to create a replica that is both sparse (contains only the object classes that you 
specify) and fractional (only holds the attributes you specify). This allows 
applications that need a global view of the data stored in NDS eDirectory to get 
fast response without requiring referrals to other servers. 


Figure 5: NDS eDirectory corporate tree design example. 


Solutions that will benefit greatly from filtered replicas include DirXML and 
Novell’s eGuide, an LDAP white pages application. For more information 
regarding Novell’s eGuide solution, visit the product Web site at 
http://www.novell.com/products/eguide. 


NDS eDirectory Implementation 


After an effective design, the next step with NDS eDirectory is the proper 
implementation. In this section we will cover hardware requirements, new ways 
to ensure load balancing, and parameter settings for tuning NDS eDirectory. 


Hardware Requirements 


Determining hardware requirements for NDS eDirectory is a difficult issue 
because each implementation is different. For example, a base install of NDS 
eDirectory with the standard schema requires roughly 74 MB of disk space for 
every 50,000 users. But if you were to add a new set of attributes or completely 
fill in every existing attribute, the object size will grow. This will affect the disk 
space, processor, and memory requirements. 


Tech Tip: For best results, try to cache as much of the DIB set as possible. The ideal is to get as 
close to a 1:1 ratio of DIB size to memory as possible. 


As far as processor requirements are concerned, NDS scales well on a single 
processor. NDS itself is not processor intensive, but it is network I/O intensive. 
On the other hand, DSREPAIR is disk and processor I/O intensive. Adding 
processors in a NetWare-on-Intel implementation yields dramatically better 
performance with NDS eDirectory. 


Here are the hardware recommendations for typical Intel-based 
implementations (NetWare, Windows NT, and Linux). 


Objects       Processor                                 Memory     Hard Disk 
100,000       Pentium III 450-700 MHz (single)          384 MB     144 MB 
1 million     Pentium III 450-700 MHz (dual)            2 GB       1.5 GB 
10 million    Pentium III 450-700 MHz (two to four)     2 GB +     15 GB 


Here are the hardware recommendations for typical Sparc-based 
implementations (Solaris). 


Objects       Processor                                       Memory     Hard Disk 
100,000       Sun Enterprise 4500                             384 MB     144 MB 
              Sun Enterprise 5500                                        1.5 GB 
10 million    Sun Enterprise 6500 with multiple processors    2 GB +     15 GB 


Remember that processor requirements may be greater depending upon 
additional services available on the server and the number of authentication 
reads and writes the server is handling. Items such as encryption and indexing 
can be processor intensive. Additional memory will always help since NDS will 
be able to cache more of the directory into memory. Hard disk space 
suggestions are based upon 74 MB for every 50,000 users. As mentioned before, 
as new attributes are added to the directory and are subsequently utilized, the 
requirements will increase to handle the load. 


Load Balancing 


Load balancing for NDS in a corporate environment is typically not a problem. 
NDS works extremely well in these environments, and even older versions 
work well with large, global, highly distributed trees. This is taken 
care of via replication on multiple servers. Using the Novell Client32, 
administrators can set up default servers to help control the authentication and 
NDS resource utilization as needed. Novell’s ZENworks solution for desktop 
management can help in this regard as well. 


In the area of Internet and eCommerce deployments such as white pages, 
portals, content management, identity management and profiling, several new 
methods can be used to get high performance for eCommerce applications. 


Figure 6: DNS round robin. 


DNS Round Robin. For eBusiness solutions where users and applications 
are using the Internet to retrieve services, a DNS Round Robin configuration 
will work well (see Figure 6). This involves entering multiple IP addresses for a 
given host within DNS. Most DNS servers will then respond with one of the IP 
addresses, rotating through them in round-robin fashion. 


[Figure 6 diagram: workstations request a DNS resolve for eGuide.Acme.com. The DNS server holds three addresses for that host name (#1 10.0.0.1, #2 10.0.0.2, #3 10.0.0.3) and responds back to each workstation with one of the three addresses configured for that host name.] 


Applications that utilize NDS eDirectory will use the IP address that is returned 
by DNS to access NDS eDirectory off of the appropriate server. This method 
provides for dynamic changes and in most cases will work fine. 


Static Configuration. The one flaw with the DNS Round Robin is the 
added latency (delay) of the DNS response. To get around this, you can 
statically map different services to individual NDS servers in your environment 
or create a process that will do this locally without resolving to the DNS server. 
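

The two approaches can be compared side by side. The following is an added example, not Novell code: `RoundRobinDNS` is a toy model of the rotation in Figure 6, and `LocalSelector` is one hypothetical way to build the local process mentioned above, with a constructed cooldown so that a server that stops answering is skipped for a while. The addresses are the ones shown in Figure 6.

```python
import time

# Addresses configured for eGuide.Acme.com in Figure 6.
SERVERS = ["10.0.0.1", "10.0.0.2", "10.0.0.3"]


class RoundRobinDNS:
    """Toy model of a DNS server that rotates the addresses of a host name."""

    def __init__(self, records):
        self._records = {name.lower(): list(addrs) for name, addrs in records.items()}
        self._next = {name: 0 for name in self._records}

    def resolve(self, name):
        key = name.lower()                      # host names are case-insensitive
        addrs = self._records[key]
        addr = addrs[self._next[key]]
        self._next[key] = (self._next[key] + 1) % len(addrs)
        return addr


class LocalSelector:
    """Rotate over a static server list locally, with no DNS query per request."""

    def __init__(self, addresses, cooldown=30.0, clock=time.monotonic):
        if not addresses:
            raise ValueError("at least one server address is required")
        self._addresses = list(addresses)
        self._cooldown = cooldown               # seconds a failed server is skipped
        self._clock = clock                     # injectable for testing
        self._index = 0
        self._down_until = {}

    def mark_failed(self, address):
        """Take an address out of rotation for the cooldown period."""
        self._down_until[address] = self._clock() + self._cooldown

    def pick(self):
        """Return the next address in rotation that is not in cooldown."""
        now = self._clock()
        for _ in range(len(self._addresses)):
            addr = self._addresses[self._index]
            self._index = (self._index + 1) % len(self._addresses)
            if self._down_until.get(addr, float("-inf")) <= now:
                return addr
        raise RuntimeError("no directory server is currently available")


if __name__ == "__main__":
    dns = RoundRobinDNS({"eGuide.Acme.com": SERVERS})
    print("DNS answers:  ", [dns.resolve("eGuide.Acme.com") for _ in range(4)])

    selector = LocalSelector(SERVERS)
    selector.mark_failed("10.0.0.2")            # pretend this server stopped answering
    print("local choices:", [selector.pick() for _ in range(4)])
```

A static list removes the lookup delay but gives up the dynamic changes that DNS provides, so the list has to be updated whenever directory servers are added or retired.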


Tuning NDS eDirectory 


Tuning NDS is extremely important. Even with the best hardware that money 
can buy, it will not perform to its full potential unless it is properly tuned. 


The following is a list of settings that will optimize NDS eDirectory for a variety 
of uses. These parameters are recommended for NetWare implementations: 


Maximum Pending TCP Connection Requests 
Maximum Packet Receive Buffers 
Minimum Packet Receive Buffers 
Maximum Physical Receive Packet Size 
Maximum Concurrent Disk Cache Writes 
Dirty Directory Cache Delay Time 
Maximum Concurrent Directory Cache Writes 
Maximum Directory Cache Buffers 200,000 
Maximum Number of Internal Directory Handles 
Maximum Number of Directory Handles 
Maximum Record Locks Per Connection 
Maximum Record Locks 
Maximum Outstanding NCP Searches 
Enable File Compression 
Immediate Purge of Deleted Files 


The setting that most affects NDS eDirectory performance is the cache. With 
NDS, administrators can configure the amount of RAM that will be used as 
cache. As mentioned before, you should try to get as close to a 1:1 ratio of cache 
to DIB Set as possible. For best performance, exceed this ratio. 


To set the cache level, perform the following operation on your NDS server: 


• NetWare (Console screen): Enter this command: 
  Set DSTRACE=!MB<amount of RAM to use in MB> 

• Windows NT (_NDSDB.INI): Create a _NDSDB.INI file in the \Novell\NDS directory. Enter this command: 
  CACHE=<amount of RAM to use in MB> 

• Solaris (ndstrace screen): Launch ndstrace from the Sun Solaris server. Enter this command: 
  Set DSTRACE=!MB<amount of RAM to use in MB> 


NDS eDirectory Maintenance 


After the design and implementation are complete, the final step is the 
maintenance of your design implementation. In this section we will cover 
disaster recovery, keeping NDS eDirectory healthy, and monitoring NDS. 


Disaster Recovery 


There are several important considerations regarding the issue of backup and 
restore. The usual purpose for providing backups is to restore the data when a 
server fails. This is the standard consideration for environments such as file 
services or standard databases. One of NDS’s distinctive advantages is the 
survivability of the data that NDS contains. This is again one of the reasons for 
replication. Standard operating procedure in most organizations is to utilize the 
directory’s replication services as the primary form of fault tolerance. 
Organizations that need higher levels of fault-tolerance can utilize Novell 
Clustering Services for NetWare to provide high availability of their NDS data. 


Novell recommends that all customers use a combination of replication and 
off-line backups to protect their directory data. An off-line backup at regular 
intervals is the only way to ensure that the tree can be restored in the event of a 
catastrophic disaster. Remember that replication, while automatic and very 
reliable, is not foolproof. If there is a severe disruption in the tree, it may be 
replicated to the other replicas. Also, a user with the rights to delete vast 
portions of the tree could accidentally destroy large numbers of records, and an 
off-line backup would be required to retrieve the data. 


It is important to choose the right strategy for your backup needs as well as the 
appropriate software and hardware. Administrators can perform three types of 
backups in their environments: 


• Full. A full backup backs up all data in the directory regardless of whether it 
has changed. If you are mostly concerned with ensuring that all the data is 
safe, a full backup is the preferred method. Full backups are easy to restore 
since it will be one set of media. However, to back up a large tree will take 
considerably longer than to simply back up the changes. Restorations will 
also be longer since you are restoring all of the data. 


• Incremental. Incremental backups back up only the data that has changed 
since the last full backup. These types of backups get progressively longer 
since theoretically more and more data will be backed up every day. When it 
comes time to restore the tapes, you will need the last full backup and the 
incremental tape. 


• Differential. In this form of offline storage, the backup records only changes 
made since your last backup. If you are looking to have the fastest backup 
speed, differential is your best choice. However, you will pay during the 
restoration portion of the process since you will need to restore the last full 
backup and all the differential backups since the last full backup. This typically 
involves using numerous tapes to get all the changes from the last full backup. 


The question is not which backup method you should use, but what your 
strategy will be to actually perform the backup. Your strategy will depend on 
whether your organization is distributed, centralized, or both. You should also 
consider whether each site needs to have its own backup or whether one backup 
at a central point can suffice. Figure 7 summarizes the three backup strategies. 


Figure 7: NDS eDirectory backup strategies. 


Distributed Backup 
• OU=Provo partition: Incremental backup off a local server in the Provo site. Perform full backup as regularly as needed. 
• OU=DC partition: Incremental backup off a local server in the DC site. Perform full backup as regularly as needed. 
• When to use: Use this method when there is no central location that holds copies of all replicas. 


Centralized Backup 
• OU=Provo partition: Incremental backup off servers in the central site. Perform full backup as regularly as needed. 
• OU=DC partition: Incremental backup off servers in the central site. Perform full backup as regularly as needed. 
• When to use: Use this method when there is a central location that holds copies of all replicas with a centralized IS department. 


Hybrid Backup 
• OU=Provo partition: Incremental backup off a local server in the Provo site. Perform full backup as regularly as needed off servers in a central site. 
• OU=DC partition: Incremental backup off a local server in the Provo site. Perform full backup as regularly as needed off servers in a central site. 
• When to use: Use this method when there is a central location that holds copies of all replicas with a centralized IS department, but there is still a need for local backups as well at the distributed sites. 


One large Novell customer uses a model of a maintenance replica that backups 
and maintenance are run against. This replica can be taken offline for quick 
repairs (for example, telling DSREPAIR to “Lock the Database”) and is the 
central point for backups using Legato on NetWare and backing up to a disk 
farm running on Solaris. 


Note: DSREPAIR is Novell's multi-platform directory maintenance utility. On NetWare, load 
DSREPAIR.NLM. On Windows NT, launch DSRepair from the NDS Services icon in 
Control Panel. For Solaris and Linux, run ndsrepair. 


Keeping NDS eDirectory Healthy 


The health of the directory service is vital to any organization that is deploying it 
in any fashion. The tools and techniques used to keep NDS healthy are well 
documented in Novell’s Certified Directory Engineer (CDE) Course 991: 
Advanced NDS Tools and Diagnostics. This course is currently available from any 
Novell Authorized Education Center (NAEC). In this course you will learn how to: 


• Perform NDS health checks 
• Perform NDS operations properly 
• Properly diagnose, troubleshoot, and resolve NDS issues 
• Utilize NDS troubleshooting tools and utilities 


To learn more about this course and about Novell’s new Certified Directory 
Engineer certification program, or to find an NAEC near you, visit the Novell 
Education Web site at http://education.novell.com. 


Novell Consulting Services also provides NDS eDirectory Health Checks for 
customers. More information on this option can be obtained at 
http://services.novell.com. 


Monitoring NDS 


A healthy NDS tree is usually the product of a strong monitoring strategy. 
There are two approaches to monitoring NDS: reactive and proactive. 


• The reactive approach involves simply responding to problems. For example, 
when users can’t access a particular part of the tree, an IS engineer attempts 
to find out why by monitoring NDS, usually via the DSTRACE utility on the 
appropriate platform. 


• The proactive approach involves closely monitoring the NDS operations over 
time to create baseline performance figures that can be used when 
troubleshooting or when making decisions regarding future enhancements. 


Novell recommends proactive monitoring of NDS whenever possible. The 
DSTRACE utility now runs on NetWare, Windows NT, Solaris and Linux. This 
tool will assist in the monitoring of the vast resources of NDS eDirectory. 
However, it is usually wise to invest in third-party products that Novell’s 
partners create. These tools allow for proactive management of your NDS 
eDirectory environment. Here are a few of these partners. 


• BindView: http://www.bindview.com 
• Blue Lance: http://www.bluelance.com 
• NetPro: http://www.netpro.com 


For more information on Novell’s partners, visit the Novell partners Web site at 
http://www.novell.com/partner/novell.html. 


If you need to monitor or audit certain characteristics of NDS for which our 
partners do not provide the necessary tools, Novell Consulting Services can 
leverage the Novell Event System to provide customized assessment and 
auditing solutions that precisely fit customer needs. 


NDS has come a long way since its inception some eight years ago. In this age 
of the Internet and eBusiness, NDS eDirectory has become a powerful tool of 
change in a world that is changing rapidly. Novell will continue to update NDS 
eDirectory to meet the changing needs of both corporate networks and 
eBusiness environments. As NDS progresses, this document will be updated to 
include new recommendations as necessary to ensure your continued success 
with NDS eDirectory. 


Enabling Roaming Lotus Notes Users with ZENworks for Desktops 


The ability to check Lotus Notes e-mail from any computer in an enterprise 
environment would make any user happy, especially if the user travels from site 
to site within the company. Fortunately, this is a task for which Novell’s 
ZENworks for Desktops is ideally suited. 


ZENworks is a directory-enabled desktop management solution. Its integration 
with Novell Directory Services (NDS) enables automated software distribution 
and management for networked PCs from a central location. It enables network 
administrators to automate the process of distributing applications, policies, and 
personal desktop configurations. In addition to policy-based workstation 
management and secure remote control, ZENworks provides the intelligence 
that enables desktop applications to “self-heal” in the event an end user deletes 
an essential system file or otherwise corrupts the application. 


This AppNote provides step-by-step instructions on how to enable a “roaming 
Notes” capability for your users with ZENworks. The procedures described 
herein explain how to take an existing installation of Lotus Notes and adapt it for 
roaming users. The basic strategy is to eliminate the need for security files to be 
stored on the local hard drive, placing them instead on a NetWare server where 
Novell Directory Services (NDS) can protect them. 


For additional information on ZENworks for Desktops, visit the product Web 
site at: 


http://www.novell.com/products/zenworks


Another good resource is the ZENworks Cool Solutions site at:


http://www.novell.com/coolsolutions/zenworks 


Benefits of “Roaming Notes”


The “roaming Notes” application described in this AppNote has the following
benefits:


• Once you have performed the described procedures, users can check their
Lotus Notes e-mail from any computer in the enterprise, even from a
computer on which “roaming Notes” has not been configured.

• Novell Directory Services will protect all security files because they are
stored on the network instead of on a local hard drive.

• “Roaming Notes” is delivered via ZENworks’ Application Launcher and
therefore takes advantage of the “self-healing” feature of ZENworks-delivered
applications.

• The application can be fault tolerant and load balanced.

• The application can be configured to use the “Launch Closest Application”
feature to minimize WAN traffic.


Initial Preparation


It is critically important that you follow the instructions contained within this
AppNote exactly as they are given, to ensure that users’ e-mail accounts do not
become corrupt.


The main steps in the initial setup process are: 


• Building a “Get-Files” Application object
• Building a “Get-INI” Application object
• Building a “Delete-Files” Application object
• Editing “Get-Files” to call “Get-INI” and “Delete-Files” upon distribution to
the user.


Once these preparatory tasks are completed, you can create an Application 
object to run a ZENworks-delivered version of Lotus Notes. Roaming users can 
then click on the icon for this application to run “roaming Notes” from any 
workstation on the network. 


This AppNote assumes that you have ZENworks for Desktops already installed 
on your network. For information on how to install and set up ZENworks, see 
the documentation that came with the product. 




Building the “Get-Files” Application Object 


The first step in the process is to build an Application object that will copy the 
Lotus Notes files from the hard drive to a network drive. 


1. Using the NetWare Administrator utility, create an NDS Application object 
and name it “Get-Files”. 


2. When Get-Files runs, we want it to first copy the Notes data files from the
local C:\Notes\Data directory to a corresponding directory on a network
drive. Preferably, this should be a standard drive mapping. The users’ home
directories will work fine if the server has enough disk space. If not, you
might consider using a dedicated server. In this AppNote, we will use the P:
drive. You set this up from the Application Files page of the Application
object (see Figure 1).


Figure 1: Configuring “Get-Files” to copy the local Notes data files to a
network drive.


Be sure to select the “Copy if newer” option under “Select item(s) options”
so only older files will be overwritten.


3. Next, we need to search in the C:\Notes\NOTES.INI file for references to
the C: drive and replace them with references to the network drive (drive P:
in our example). This process can be configured on the Text Files page (see
Figure 2).


Figure 2: Replacing references to the local drive in NOTES.INI with
references to the network drive.


Configure Get-Files to search for “C:\” and replace it with “P:\” in only the
three lines listed below, following the example shown in Figure 2:


SPELL_DIR=C:\
CertificateExpChecked=C:\
Directory=C:\Notes\Data


4. On the System Requirements page (see Figure 3), add the following 
requirements for controlling the availability of this application: 


• File exists: P:\Notes\Notes.ini
• OS version: Windows 95/98
• OS version: Windows NT


Be sure to set the operator for “File exists: P:\Notes\Notes.ini” to “NOT
exists” so that Get-Files will not run if the P:\Notes\Notes.ini file exists. This
is extremely important, as it prevents the application from prompting the
user to install the application on every workstation the user logs in at. (You
will see how the NOTES.INI file gets copied to the P: drive in a later step.)


Figure 3: Setting the System Requirements for Get-Files.


5. On the Distribution page, check the options to force run each time the user 
logs in and to prompt the user before distribution of this application (see 
Figure 4). 


Figure 4: Setting the application to prompt the user before distribution.


It is very important that the user be prompted before the application is 
distributed, for we must ask users if this is the workstation from which they 
normally check their e-mail (see Figure 5). 


Figure 5: Entering the text for the user prompt. The prompt shown is headed
“ATTENTION” and asks: “Is this computer where you normally check your email?”


6. Finally, we want Get-Files to delete the Lotus Notes shortcut from the
Start/Programs/Lotus Applications menu. This is configured on the
Icons/Shortcuts page, using the settings shown in Figure 6.


Figure 6: Deleting the Lotus Notes entry from the Windows Start menu.
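

The search-and-replace from step 3, restricted to the three listed entries, can be checked offline before the Application object is rolled out. The following is an added example, not part of the original AppNote or of ZENworks; the function names and the sample NOTES.INI (apart from the three redirected entries) are assumptions made for illustration.

```python
# Added example: rewrite only the three NOTES.INI entries named in step 3
# and report every other line that still points at the local drive.

REDIRECTED_KEYS = ("SPELL_DIR", "CertificateExpChecked", "Directory")
_WANTED = {k.lower() for k in REDIRECTED_KEYS}

# Constructed sample; only the three redirected entries come from the AppNote.
SAMPLE_INI = (
    "[Notes]\n"
    "KitType=1\n"
    "Directory=C:\\Notes\\Data\n"
    "SPELL_DIR=C:\\\n"
    "CertificateExpChecked=C:\\\n"
    "WinNTIconPath=C:\\Notes\\Data\\W32\n"
    "KeyFilename=user.id\n"
)


def rewrite_notes_ini(text, local="C:\\", network="P:\\"):
    """Return (new_text, changed_keys, leftover_lines).

    Only a leading local-drive prefix in the three listed entries is
    replaced. Any other line that still references the local drive is
    left untouched and returned in leftover_lines for review.
    """
    out, changed, leftover = [], [], []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        name, val = key.strip(), value.strip()
        if sep and name.lower() in _WANTED and val.lower().startswith(local.lower()):
            out.append(f"{name}={network}{val[len(local):]}")
            changed.append(name)
        else:
            out.append(line)
            if sep and local.lower() in val.lower():
                leftover.append(line)
    return "\n".join(out) + "\n", changed, leftover


def ready_for_roaming(text, network="P:\\"):
    """True when all three listed entries exist and point at the network drive."""
    found = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() in _WANTED:
            found[key.strip().lower()] = value.strip().lower()
    return len(found) == len(_WANTED) and all(
        v.startswith(network.lower()) for v in found.values()
    )


if __name__ == "__main__":
    new_text, changed, leftover = rewrite_notes_ini(SAMPLE_INI)
    print(new_text)
    print("rewritten entries:", changed)
    print("still on local drive (review by hand):", leftover)
    print("ready for roaming:", ready_for_roaming(new_text))
```

Lines returned in `leftover_lines` are settings the AppNote deliberately leaves on the local drive or that need a decision before the local copy is deleted.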




Building the Get-INI Application Object 


The second step in the process is to build an Application object that will copy 
the NOTES.INI file from the local drive to the network drive. 


1. Create a new Application object and give it a name. In this example, we will
use the name “Get-INI” since the only thing this application does is copy the
C:\Windows\Notes.ini file to P:\Notes\Notes.ini.


2. This action is configured on the Application Files page (see Figure 7). For
Windows 95/98/NT, you can use the macro %*WINDIR%\ instead of
hard-coding the source location of NOTES.INI.


Figure 7: Setting up Get-INI to copy the NOTES.INI file to the network.


Be sure to select the “Copy if newer” option under “Selected item(s) 
options”. 


3. Don’t forget to specify the OS requirements of Windows 95/98/NT on the 
System Requirements page. 


Building the “Delete-Files” Application Object


In this step, we create a third Application object that will delete the Notes files 
from the local drive. 


1. Create the Application object and name it “Delete-Files”. 


2. On the Application Files page, configure the application to delete all files
from the C:\Notes\Data directory, and also to delete the C:\Windows\
NOTES.INI file (see Figure 8).


Figure 8: Configuring Delete-Files to delete the Notes files from the local
drive.


3. Again, make sure you set the correct OS on the System Requirements page. 


At this point, you should have three new NDS objects, as shown in Figure 9. 


Figure 9: The three Application objects needed for “roaming Notes.”


Editing the Get-Files Application 


For this step, you will need the NALRUNW.EXE file found in the ZENworks 
Application Management Toolkit (for ZEN 1.x). This toolkit is available as a free 
download from: 


http://www.novell.com/coolsolutions/zenworks/assets/apptools.exe


NALRUNW is used in pre- or post-distribution scripts to call other applications
that you want to be run in a specific order. We will use it to have Get-INI and
Delete-Files run after Get-Files is distributed.


Copy the NALRUNW file into the SYS:PUBLIC directory on a server your
users have mapped as a search drive.


On the Distribution Scripts page of the Get-Files Application object, add the
lines shown in Figure 10.


Figure 10: Configuring Get-Files to run Get-INI and Delete-Files after it is
distributed.


#NALRUNW NOVELL Get-INI.APPS-Novelll.AMERICA /w
#NALRUNW NOVELL Delete-Files.APPS-Novelll.AMERICA /w


Associate the user(s) that will need the “roaming Notes” capability with the 
“Get-Files” application. This can be done for individual users, groups, or 
containers. 


Application Sequence 


With these preparations in place, the following sequence is followed when an
associated user logs in to a workstation.


1. The ZENworks Application Launcher is started (from the user’s login
script) and delivers the Get-Files application to the user.


2. Get-Files checks for the existence of P:\Notes\Notes.ini. If this file is found,
the application will abort. If the file is not found, the application continues.


3. Get-Files displays the prompt asking the user if this is the workstation
from which he or she normally checks e-mail. If the user responds “No”,
the Get-Files application terminates. If the user responds “Yes”, the
application proceeds while the user continues checking his or her e-mail
in the usual way.


4. Get-Files copies the files from C:\Notes\Data to P:\Notes\Data. It also
performs the search and replace operation on the C:\Windows\notes.ini file.


5. The Get-INI application starts as specified in the Distribution Scripts for
Get-Files. This application copies the NOTES.INI file to the P:\Notes
directory.


6. The Delete-Files application runs next, deleting the files under
C:\Notes\Data as well as the C:\Windows\Notes.ini file.


7. At this point the computer is automatically rebooted without any user
intervention.


The trick is that the Get-Files application also distributes the Get-INI and
Delete-Files applications. The Get-INI actually copies the NOTES.INI file to the 
P: drive. The Get-Files application is set for a forced reboot so that the next time 
the ZENworks Application Launcher is run, the Get-Files application will not be 
visible to the user. 


Everything is now ready for the user to run Lotus Notes via the ZENworks 
Application Launcher. As a bonus, the data files are now securely stored on the 
network, where they fall under the protection of NDS. 


Delivering Lotus Notes with ZENworks 


The final procedure is to set up Lotus Notes to be a ZENworks-delivered 
application. Here is a brief guide to creating this application. 


1. Run the ZENworks snAppShot utility and perform a basic installation of
Lotus Notes, accepting the default configuration.


2. Create an application template (AOT) and then create an Application object
for Lotus Notes in NDS.


3. Edit the following items for the Lotus-Notes Application object:


• On the Application Files page, all files that are designated to be copied to
C:\Notes\Data should be changed to P:\Notes\Data. (Do not change the
delivery location of the other directories under C:\Notes\Data and the
files that populate those directories. We are only concerned about the
files directly under C:\Notes\Data.)


Highlight all Application Files and select the “Copy if doesn’t exist” option.


Under the “INI Setting”, change the delivery location of the NOTES.INI
file to P:\Notes\notes.ini. Then view the file. Change all lines to “Create if
doesn’t exist” and then change the “C:\” to “P:\” under the Directory string.


• On the System Requirements page, list the desktop operating systems
and hard drive space required to load Notes (10 MB).


It is important that you add a check for the existence of the P:\Notes\
Notes.ini file on the System Requirements page. Configure it so the file
must exist in order for the application to run. That way, the Lotus-Notes
application will not even be visible to the user if the P:\Notes\Notes.ini
doesn’t exist.


• On the Icons/Shortcuts page, totally clear out all delivered icons. (Don’t
click Delete, just wipe the fields blank.)


• On the Environment page, make the working directory P:\Notes (or
wherever you copied the Notes.ini file).


Once you have created this application, associate the Get-Files and Lotus-Notes
application to your roaming Notes users. The applications will take care of 
themselves as far as which ones the user can see and use. Since Get-Files is set 
for a forced reboot, it will not be visible the next time the application launcher is 
run. However, since the Notes.ini file is now on the P: drive, the Lotus-Notes 
application is now available. Also note that the Get-Files application deletes the 
entry for Lotus Notes in the users’ Start/Programs menu. Users therefore must 
select the Lotus-Notes icon from the ZENworks Application Launcher window 
in order to check their e-mail. 


When users click on the NAL-delivered Lotus-Notes icon, the program will 
take only a few seconds to install (because it’s only verifying files). Users will
then be able to check their e-mail from any computer on the network. Even 
if a roaming user checks e-mail from a computer that is logged in to a 
NetWare 3.x (Bindery-based) server, the roaming user will not affect the 
local Lotus Notes account. 


Conclusion 


This AppNote has demonstrated the powerful capabilities of ZENworks for 
Desktops to deliver a “roaming Notes” solution for your network. If these 
procedures are followed exactly, your Notes users will be able to log in and 
check their e-mail from any workstation on the network. 

Configuring BorderManager 
Authentication Services for Use 
with ActivCard Tokens 


This AppNote was developed after the implementation of ActivCard for a Swiss 
bank. The bank had a requirement for the provision of a system to allow 250 of 
its top private banking clients to access their account details online. As part of 
the implementation, it was found that the existing Novell and ActivCard 
documentation did not provide a sufficiently detailed description of configuring 
the BMAS/ActivCard combination. It was therefore decided that an AppNote 
should be produced on this topic. 


Instead of providing dial-in to their private network, as many other banks have 
done, it was decided to use the Internet, a public-access network which is 
universally available. Security is provided in a number of ways. Firstly, access to 
all servers is mediated by a Java-based piece of middleware, acting as a RADIUS 
Client, which is used to authenticate to Novell Directory Services (NDS) using 
the RADIUS protocol. ActivCard devices are used as tokens to verify the user’s 
identity. Secondly, all transactions between the user and the bank’s systems use 
Secure Socket Layer (SSL) to ensure that data is not visible in clear text when 
passing over the Internet. 


In other implementations of BMAS and ActivCard which have been undertaken 
by Connectotel, the RADIUS client is usually a hardware-based Remote Access 
Server (RAS) device, such as those provided by 3Com, Cisco, or Shiva. 


The installation and configuration instructions which follow include tests and 
deliberate errors which have been introduced to show the stages by which the 
various layers of communication aspects of the TCP/IP and RADIUS 
communication have been configured. 


Since this AppNote was written in Europe, it retains the British spelling used by 
the authors. 




What is RADIUS? 


RADIUS, the Remote Authentication Dial In User Service, was first described 
in Internet Request for Comment (RFC) document RFC 2058, published in 
January 1997. This RFC was updated and obsoleted by RFC 2138, published 
in April 1997. 


RADIUS is a proposed Internet standard which has been widely adopted for use 
in situations where a remote access device, such as a Remote Access Services 
(RAS) server, needs to authenticate a dial-in user to a directory service. In most 
RAS solutions, it is necessary to maintain a separate directory of users who will 
be using the RAS dial in option. In the case of Novell’s RADIUS implementation, 
the authentication of users is using existing user details stored in NDS. 


Novell’s implementation of RADIUS is known as BorderManager 
Authentication Services (BMAS). The software consists of the following: 


• RADIUS.NLM, located in SYS:SYSTEM and running on a NetWare 4.11/4.2
or 5.x server

• A snap-in DLL, RADSNAP.DLL, located in SYS:PUBLIC\WIN32\SNAPINS
and used by the NetWare Administrator (NWAdmin) utility


The RADIUS “Server” will always be the NetWare server which is running 
RADIUS.NLM. The RADIUS “Client” will be the device which is using the 
RADIUS protocol to authenticate users. Note that the client is not a NetWare 
user, but is instead a device which will communicate with the NetWare server 
running the RADIUS.NLM, on behalf of the NetWare user. 


What is an ActivCard Token? 


The ActivCard token device is a small, credit-card-sized device which looks like
a pocket calculator, as shown in Figure 1.


Figure 1: The ActivCard token device resembles a simple, pocket calculator.


It is an example of a security token, which is used to provide strong
authentication onto a network. Strong authentication when using ActivCard
makes use of a combination of the user name, the token, and a one-time
personal identification number (PIN) to determine that the user is really who he
or she claims to be. Thus, this technology is suitable for use in environments
where standard username and password security is not adequate and additional
security is required.


Prerequisites


In order to implement BMAS with ActivCard the following hardware and
software components must be made available:

• NetWare 4.11/4.2 or 5.x server
• Novell BorderManager Authentication Services
• ActivCard One Tokens
• Windows 95/98 or Windows NT 4/2000 client
• A RAS server or other RADIUS “Client” component


ActivCard One Tokens are available in a 5-token “promo” pack, or in a 50-token
preconfigured pack. For availability and ordering details, visit


http://www.activcard.com/products/BMAS-ActivCard/stronger.html


Installation of BorderManager Authentication Services


BorderManager Authentication Services is installed from the CD-ROM using
the INSTALL.NLM utility on NetWare 4.11/4.2 or the NWCONFIG utility on
NetWare 5.0/5.1. When running NetWare 5.0/5.1, the installation is carried out
through a GUI interface. In NetWare 4.11/4.2, the installation uses a text-based
interface.


After installation of the software, you should install the latest BorderManager
Service Pack, which at the time of writing was BM35SP1.EXE, to ensure that the
latest versions of the software components are being used.


Note: In some rare cases, during the installation of the BorderManager service pack,
the TCPIP.NLM is zero bytes and cannot be loaded. In this case, do not copy a
TCPIP.NLM from another NetWare Server without BorderManager, because the
two TCP/IP stacks are currently not identical. Instead, go to http://support.novell.com
and download the latest TCP/IP stack for BorderManager from the Minimum Patch List.

It is understood that Novell is working on a consolidated TCP/IP stack for all products
and will release this as soon as possible.


The NWAdmin snap-ins for BorderManager are installed using the SETUP.EXE
program, which is located in the SYS:PUBLIC\BRDRMGR\SNAPINS directory.




Test 1: Connectivity Check. From the RADIUS Server, we pinged 
the TCP/IP address of the RADIUS client. (Note that this relies on the 
RADIUS Server system having a Ping utility, which is not always the case.) 
From the RADIUS server, we then pinged the TCP/IP address of the 
BorderManager server. 


This test ensured that the RADIUS Client and Server devices could communicate 
with each other. Once connectivity had been proven at the TCP/IP level, we were 
able to proceed with the next stage of the configuration process. 


Test 1: Troubleshooting. If connectivity had not been operating correctly, 
we would have adopted standard TCP/IP troubleshooting procedures, 
including checks of: 

• TCP/IP address and net mask of the RADIUS Client

• TCP/IP address and net mask of the RADIUS Server

• Router configuration and default routes, if the RADIUS Client and Server are
on different networks

• DNS configuration, if DNS names are being used


Configuration of BorderManager Authentication Services 


We created a “Dial Access System” object in NWAdmin under the Resources
container. In this case, we named the object CN=SunnyDialAccessSystem with
a password of “novell”. This password is required when starting the RADIUS
NLM, as shown below.


The dialogue shown in Figure 2 appeared when we were creating the “Dial
Access System” object.


Figure 2: Setting the Dial Access System password.


We then loaded RADIUS.NLM at the file server console as follows:


LOAD RADIUS name=SunnyDialAccessSystem password=novell
RADIUS DISPLAY ALL


We also placed these same two lines in the AUTOEXEC.NCF of the server.


By default, the RADIUS.NLM listens on the following ports:

• UDP 1645: authentication port

• UDP 1646: accounting port


The use of these ports can be verified by checking the UDP listeners in
TCPCON.NLM. If different port values should be used, you can change them on
the command line when loading RADIUS.NLM. The load parameters
recognised by RADIUS.NLM can be seen in Figure 3.


Figure 3: LOAD parameters recognised by the RADIUS.NLM.

Test 2: RADIUS Client Requests. From the RADIUS Client, we attempted 
to log in as a user. 


On the RADIUS DISPLAY screen of the server, a message appeared indicating 
that the login was not accepted for the reason that the “Client is not known”. 
This test proved that the RADIUS Client and Server were able to communicate 
using the RADIUS protocol. Port 1645 or 1812 may be used for communication 
between the RADIUS Client and Server. For an explanation of the difference 
between port 1645 and 1812, see the Implementation Note section of RFC 2138. 


Test 2: Troubleshooting. If the RADIUS message was not seen, we would
have checked the following areas:


• TCP/IP connectivity, as described in Test 1 above

• The RADIUS DISPLAY ALL command should be entered at the system
console and in the AUTOEXEC.NCF file

• Ports 1645 and 1646 are being allowed through any routers or firewalls
between the RADIUS Client and Server.


Dial Access System Client Configuration 


Now that the RADIUS communication had been proven, we updated the 
Dial Access System Configuration to add the address of the RADIUS Client 
system which would be communicating with RADIUS.NLM running on the 
NetWare server. 


In this case, the IP Address was 10.1.1.10 and a Generic RADIUS type was 
chosen, as illustrated in Figure 4. In other circumstances, a different RADIUS 
Server type such as Shiva or Cisco might be chosen. The full list of currently 
supported client types can be seen in the pull-down menu for “Client Type”. 


Figure 4: Configuring a RADIUS 
Client on the RADIUS Server. 


After this change, we unloaded and reloaded RADIUS.NLM at the server 
console so that the new RADIUS configuration could be read from NDS. 


At this point, the administrator can also configure the Username Resolution
option for the Dial Access System. This option dictates how users’ names will be
resolved when they attempt to log in through RADIUS. In this case, fully
distinguished names were being used, so no Username Resolution
configuration was necessary.


Test 3: Login Attempt. With the next login attempt, using the fully
distinguished name, the message “Access Rejected” was displayed. This was
correct because the user had not yet been activated for use with this Dial
Access System.


Test 3: Troubleshooting. If “Access Rejected” had not been displayed, we
would have repeated Tests 1 and 2 above to ensure that these have been
successful. If necessary, we would carry out the relevant troubleshooting.


Assigning the Dial Access System to the User


We selected the “Dial Access Services” property page for the User object. We
clicked the Enable radio button and chose the previously-configured Dial
Access System, SunnyDialAccessSystem (see Figure 5). A prompt indicated
that rights were about to be changed so that the User object could see this Dial
Access System.


Figure 5: Assigning a Dial Access Service to an NDS User.


Test 4: Login Attempt. At this point we attempted another login. On this
occasion, we saw the message “Invalid Password”.


Test 4: Troubleshooting. The “Invalid Password” message can have a
number of different causes. For example:


• The user’s NDS password has not been provided correctly.

• The password is being transmitted as “Clear Text” or using the CHAP
protocol, or there is some other mismatch between the protocols being used
to transmit the password on either side.

• The “Shared Secret” is not identical on the RADIUS Client and on the
RADIUS Server.


In this case, the “Shared Secret” was not configured identically on the RADIUS
Client and Server. After we corrected this on the RADIUS
Client, we were able to proceed with further configuration.
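

Why a shared-secret mismatch surfaces as “Invalid Password” rather than as a protocol error follows from the User-Password hiding defined in RFC 2138, section 5.2, which the sketch below reproduces for the clear-text (non-CHAP) case. This is an added example, not code from the AppNote, BMAS or ActivCard; the user name, one-time code, secrets and result labels are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1                        # RADIUS packet code
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2  # attribute types


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password, secret, authenticator):
    """RFC 2138 5.2: pad to 16-octet blocks, XOR with a chained MD5 stream."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    if not padded:
        padded = b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out, prev = out + block, block
    return out


def reveal_password(hidden, secret, authenticator):
    """Server side: the same key stream, computed with the server's secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out, prev = out + _xor(block, hashlib.md5(secret + prev).digest()), block
    return out.rstrip(b"\x00")


def build_access_request(user, password, secret, identifier, authenticator=None):
    authenticator = authenticator or os.urandom(16)
    attrs = b""
    for typ, val in ((ATTR_USER_NAME, user),
                     (ATTR_USER_PASSWORD, hide_password(password, secret, authenticator))):
        attrs += struct.pack("!BB", typ, len(val) + 2) + val
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs


def parse_access_request(packet):
    if len(packet) < 20:
        raise ValueError("packet shorter than the RADIUS header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return identifier, packet[4:20], attrs


def server_check(packet, server_secret, directory):
    """Return a label for the outcome (labels are this example's own)."""
    _, authenticator, attrs = parse_access_request(packet)
    user = attrs.get(ATTR_USER_NAME, b"")
    hidden = attrs.get(ATTR_USER_PASSWORD, b"")
    if user not in directory or not hidden or len(hidden) % 16:
        return "Access Rejected"
    candidate = reveal_password(hidden, server_secret, authenticator)
    ok = hmac.compare_digest(candidate, directory[user])
    return "Access Accepted" if ok else "Invalid Password"


# Constructed values: user, one-time code and secrets are not from the AppNote.
DIRECTORY = {b"testuser": b"48151623"}
FIXED_AUTH = bytes(range(16))   # fixed only to make the demo repeatable


def demo():
    pkt = build_access_request(b"testuser", b"48151623", b"client-secret", 7, FIXED_AUTH)
    return (server_check(pkt, b"client-secret", DIRECTORY),
            server_check(pkt, b"server-secret", DIRECTORY))


if __name__ == "__main__":
    print(demo())
```

The server cannot distinguish a wrong secret from a wrong password in this exchange, because both yield bytes that fail the comparison; that is why the shared secret belongs on the checklist whenever “Invalid Password” appears for a password known to be correct.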


Dial-in Profiles 


Dial-in Profiles can be defined optionally at this stage to provide a set of special 
parameters for each type of RADIUS Client system. You can further expand the 
profiles used and assigned through user-specific additional parameters. This 
provides for a very flexible configuration. In this specific example, no special 
profiles were required. 


As an example, we configured the Dial-in Profile SunnyProfile. 


Configuration of the ActivCard Authentication Container 


The next step was to create an ActivCard container in which the ActivCard 
device objects were to be located. In this case, we named the container 
“ActivCard”. 


Opening this object in NWAdmin showed the Import Device Images page
(see Figure 6).


Figure 6: Importing the ActivCard device images.


We selected this option to import the ActivCard serial number information
provided on a diskette supplied with the ActivCard devices (see Figure 7).


Figure 7: The ActivCard serial numbers appear underneath the ActivCard
container. Each serial number could now be assigned to a user.


Test 5: ActivCard Password Test. Now, within NWAdmin using the
Password Tests page of the ActivCard device object, we could test the ActivCard
password as shown in Figure 8.


Figure 8: ActivCard Password Tests.


Clicking on the Test button displayed the dialogue shown in Figure 9.


Figure 9: Testing the ActivCard Password.


At this point, we switched on the ActivCard device for the first time and entered
the default PIN, 1254. On first activation, we were prompted for a new PIN,
which we entered twice.


It was now possible to proceed to create the relationship between the ActivCard
device and the User object (see Figure 10).


Figure 10: Creating the relationship between the User object and the
ActivCard device.


Test 5: Troubleshooting. If the ActivCard password test had not been 
successful, the most common cause is that the ActivCard snap-ins have not been 
correctly installed on the server from which NWAdmin is being run. If this is 
the case, we would install the ActivCard snap-ins using the BorderManager 
SETUP.EXE as described previously. 


Defining a New User 


The definition of a new ActivCard user takes place in three stages. This process 
will be carried out for every new user who will be accessing services via the 
RADIUS server. 


After the new user had been created as a User object, we made the following 
two definitions in NWAdmin: 


• After opening the User object and selecting the “Login Devices” property
page, we clicked the Add button and selected the ActivCard device for the
user from the NDS tree.

• On the “Dial Access Services” property page of the User object, we selected
Enable and assigned the SunnyDialAccessSystem to the user.


We made the third configuration change in the Login Policy object, as shown in
Figure 11.


Figure 11: Updating the Login Policy object.


We opened the Login Policy object in the Security container, chose the Property 
Rules, selected “Modify”, and inserted a new user. 


Test 6: Login Test. We carried out the final test in the following stages:


• We entered the User Name at the remote user login screen.
• We switched on the ActivCard device.
• We entered the ActivCard PIN on the ActivCard device.
• We entered the number generated by the ActivCard device into the remote
user login screen.


On the Radius DISPLAY screen, the information shown in Figure 12 was
displayed:


Figure 12: Radius display screen.


The name of the organisation has been removed from this screen shot.


The different entries represent the tests which were carried out and which
generated the information shown on this screen. On the first attempt, we
entered a wrong password for .admin.orgname. On the second attempt, we
entered the name of a user which exists in NDS but is not enabled to use the
Dial Access System. After that, we enabled the user for the Dial Access System,
and on the third attempt, the user was authenticated and accepted.


Conclusion


This AppNote has shown how an ActivCard solution can be implemented in
your own environment. Whilst the authors are unable to provide technical
support, we welcome comments or suggestions for additional AppNotes in this
subject area. Contact Marcus Williamson at marcus@myrealbox.com.


Additional Resources 


The following additional documentation may be useful in the installation and 
configuration of Novell BorderManager products: 


• “Overview of New Features in BorderManager Enterprise Edition 3.5”
  by Laura Pan
  http://developer.novell.com/research/appnotes/1999/a9911.htm


• “Configuring ActivCard One Tokens with BorderManager Authentication
  Services” Quick Start Guide
  http://www.activcard.com/products/BMAS-ActivCard/toknBMASguide.pdf


• “Novell BorderManager: A Beginner’s Guide to Configuring Filter
  Exceptions” by Craig Johnson
  http://nscsysop.hypermart.net/
I reviewed Pegasus E-Mail back in the dark ages of computing when it
was a DOS-based product. It was like stumbling across an old friend
when I recently visited the Pegasus Web site at
http://www.pegasus.usa.com. In view of the many changes that have
transpired over the years, I thought it was high time to do some
catching up.


A Quick Look at Pegasus Products 


Before we look at the Pegasus Web site itself, here’s a quick overview of
the company’s products. Believe it or not, Pegasus still has its DOS
version available. As far as the New Zealand-based manufacturer is aware,
this is the only surviving DOS e-mail program that is still a
fully-supported product in the year 2000. Both it and the Windows version
of Pegasus Mail are feature-rich e-mail clients that allow users to send,
read, file, print, and otherwise manipulate mail messages. They are small
and fast, so they can be left running permanently on the workstation
without seriously impacting system resources.


Pegasus Mail has special support for Novell NetWare LANs that allow it to
operate intuitively and with almost no maintenance. Pegasus Mail can act
as a complete internal mail system on its own without needing further
servers or components: it can send and receive Internet mail using
standard protocols (SMTP, IMAP, and POP3). Adding the Mercury Mail
Transport System as a mail server provides centralized, fully-integrated
Internet e-mail services and mailing list management for Pegasus Mail
users.


Perhaps the most surprising of Pegasus Mail’s features is that it is
free! You don’t have to pay a dime for the software; the small company
derives all of its income from sales of hard-copy manuals and support. I
have found that, for many users’ needs, Pegasus Mail works as well if not
better than some commercial e-mail programs. And it is extremely easy to
install and get running, especially on the NetWare platform.


Figure 1: The Pegasus site’s home page offers quick access to information
without a lot of distractions.
The Pegasus Web Site


This isn’t supposed to be a review of the product (though I will look at
it for a future issue). So without further ado, let’s take a look at the
Pegasus home page (see Figure 1).


Like most people, I expect a Web site to load quickly, be informative,
and make it easy to find what I am looking for. Of course, it doesn’t
hurt if it has a professional-looking design that is pleasing to the eye,
either. The Pegasus Web site is all of these.


The Pegasus site is much like the product itself: slim, efficient,
without a lot of bells and whistles. The simple but attractive logo tops
a page of links to the various sections of the site. A box in the
right-hand corner contains news and version information.


The main links are provided in two places: just below the logo, and in a
stack on the left-hand side of the page. These include Home, Overviews,
Downloads, Support, Manuals, Links, FAQs, and Contacts. As you drill down
into the site, these same links remain in place at the top of the screen
so that you will never get lost in the Pegasus site.


The sections contain pretty much what you would expect them to contain.
Overviews takes you to brief introductions of the products available at
this site: Pegasus Mail and Mercury Mail Transport System. Downloads is
where you go to obtain the software. Support takes you to a list of
support options for the products. Manuals explains how you can purchase
documentation and support options.


Links takes you to a list of third-party products that enhance Pegasus
Mail and other related information of interest to Pegasus users. FAQs is
a link to frequently asked questions, and Contacts explains how to get a
hold of the company in various ways.


If you’re looking for an e-mail package that is quick to install, easy to
use, runs on NetWare, and best of all is free, go visit the Pegasus Web
site and check out Pegasus Mail. It’s definitely worth a look.


—Thom Duncan, Senior Editor,
Novell AppNotes


Foiling Hackers with Axent’s 
Intruder Alert 


Not a month passes without some story being reported in the national news
about a hacker breaking into this or that system. A recent instance that
comes readily to mind is the theft of millions of credit card numbers
from a well-known Internet Web site. We may be living in the Information
Age, but it is also the Information Theft Age.


How do you protect your business against intruder alerts? A product
called, coincidentally enough, Intruder Alert by Axent Technologies, may
be just the ticket. Axent specializes in security solutions for networks,
so they bring considerable expertise into their products. (You ought to
visit their Web site at http://www.axent.com for information on other
security-related products.)


General Features 


Intruder Alert uses a technology called Drop & Detect to protect against
hacker attacks. Axent claims this solution will protect not only against
the attacks that hackers are using today, but also against whatever they
might come up with tomorrow. The Drop & Detect function features
pre-configured scenarios security administrators can choose from when
installing Intruder Alert. These scenarios protect systems against the
most current and dangerous security threats to NetWare, Windows NT, and
other enterprise systems. With Drop & Detect, security administrators can
globally update their systems without waiting for new “hard-coded”
versions of software.


Intruder Alert uses a combination of three standard 
intrusion detection methodologies: 


• 24x7 real-time, device level activity monitoring
• Post-event audit trail review
• Packet/segment monitoring


The real-time event monitoring quickly detects and reports
security-related events when they occur, reducing the risk of damage from
network attacks from both sides of the firewall. Device-level security
offers custom focus on critical devices throughout the network, such as
routers, firewalls, Web servers, and so on. This helps keep customer
networks current on protection for new hacker “targets.”


For packet and segment monitoring, Intruder Alert uses NetProwler
technology which adds a layer of packet spot-checking on network
segments. It also incorporates policy updates for new segments attack
countermeasures.


With Intruder Alert, you can monitor and respond to events throughout the
entire network from a single management console. You can use the
graphical interface from any desktop (Windows 95, Windows NT, or UNIX) to
monitor data combined from devices that operate on most platforms,
including UNIX, NT, and NetWare. You can expand Intruder Alert’s
monitoring capabilities by tying it into leading single
management-console framework systems such as IBM’s Tivoli, HP’s OpenView,
and BMC/Patrol.


Immediate Detection of the Most Dangerous Attacks


Intruder Alert promises immediate detection of the 
hacker attacks listed in the following table. 


Security Administrators 


Firewall and router exploits 
Network-wide password guessing 
Audit trail management 


Denial of Service Attacks | Ping flooding 
SYN flooding 
Finger bombing 
E-Mail Attack Sendmail pipes 
WIZ attempts 
DEBUG attempts 
Critical File Exploits System access file changes 
System configuration changes 
Trojan horses 

UNIX kernel changes 


System Files Removed 
(UNIX and NT) 


Root exploits 
Buffer overflows 
Registry modifications 


Microsoft IIS 

Apache 

Netscape probing attacks 
SATAN 

ISS 

TCP half-open 


Web Attacks 


Information Security SWAT Team 


To supplement their security products, Axent has an Information Security
SWAT Team whose mission is to keep up with the latest security threats
and develop Drop & Detect solutions for Intruder Alert. This team, which
combines security expertise from around the world, tracks events
important to network security and publishes security details on the
latest attacks on the company’s Web site.


Specifics on the NetWare Version 


Intruder Alert 3.0.1 for NetWare is the first “Agent Only” release that
is Novell tested and approved for the following NetWare platforms:


• NetWare 3.2 and 3.12
• NetWare 4.2 and 4.11
• NetWare 5.0
• NDS v7.5
• SFT III for 4.11
• MP 5.0 and 4.11
• NDS v8 (eDirectory)


Intruder Alert 3.0.1 for NetWare addresses security threats specifically
on NetWare operating systems by monitoring operating system and NDS
events, and acting upon suspicious event activity through rule-based
actions to prevent security breaches from occurring.


Features of the NetWare version of Intruder Alert include:


• New NetWare Console setup and installation
• New upgrade feature allowing customers to upgrade existing 3.0 agents
  to Novell-certified 3.0.1 agents
• New uninstall utility
• Improved memory management and CPU utilization
• Support for NetWare 5.0 NSS 64-bit file system


In addition, the Intruder Alert 3.0 GA Manager and graphical interfaces,
ITAView and ITA Admin, fully support the new Intruder Alert 3.0.1 for
NetWare agent.


—Thom Duncan, Senior Editor,
Novell AppNotes
BEYOND THE BASICS: Volume Management in the NetWare
Management Portal Utility-Part 2


In last month’s Beyond the Basics column, we started looking at the
Volume Management option that you see at the initial screen in the
NetWare Management Portal utility (or Portal, for short). We looked at
volume settings, which included the volume information screen (?), the
volume name, the volume attributes, and mounting and dismounting NetWare
volumes. This month, we'll look at what you see and what operations you
can perform at the directory and file level using Portal. This column
assumes that you are in the Portal utility and that you are logged in as
Admin or SAdmin.


Viewing Directories and Files 


Once you log in as Admin, you will see and have access to the server’s
NetWare volumes. These can be either NetWare traditional file system or
NSS (Novell Storage Services) volumes. You can also see local server
partitions, such as the server’s local C: drive (see Figure 1).


Figure 1: The Volume Management initial screen shows the volumes that are
currently available on this server, as well as the server's local drive.


Note that Portal displays file system information to users according to
the rights allowed through their authenticated NDS identity. If you don’t
have adequate NDS rights, you won't have file access.


Clicking on the SYS volume name from the initial Volume Management screen
brings up a display of that volume’s file system structure, including
subdirectories and files. The top column contains headings under the
following columns: Info, Name, Size, Attributes, and Date and Time (see
Figure 2). This layout is carried throughout the directory structure. The
single dot (.) refers to the current directory folder, while the double
dot (..) refers to the parent directory.


Figure 2: The basic structure that you see once you select a volume or
directory structure.


The Directory’s Info Icon. Clicking on the Info icon to the left of the
current directory folder (.) icon shows information about that directory.
This information is categorized under three headings: Directory Entry
Information, Trustee Information, and Salvagable Files (see Figure 3).


Figure 3: By clicking the Info icon, you can see information about
whatever directory you explore.


  Directory listing for: /SYS/users

  Directory entry information
    Owner                    .CN=eliebing.OU=Lab.O=megalith.T=BINARY.
    Creation date and time   20 Apr 1999 09:50 AM
    Effective rights         SRWCEMFA
    Inherited rights filter  SRWCEMFA
    File space limit         None
    File space in use        36,376 KB

  Trustee information:
    Object name                                 Trustee rights
    .CN=ed.OU=Lab.O=megalith.T=BINARY.          _RWCEMF_
    .CN=eliebing.OU=Lab.O=megalith.T=BINARY.    RWCEMFA

  Salvagable files: None

  Buttons: Delete Directory, Rename Directory (New name),
  Create Subdirectory (New name)


Under the Directory Entry Information heading, you will see viewable
information such as the directory’s designated owner written in “fully
distinguished name” format. (You can assign ownership to directories and
files through the FILER, NWAdmin, or ConsoleOne utilities.) You will also
see the directory’s creation date and time, the effective rights for the
user you are logged in as, your inherited rights filter, file space limit
(if nothing has been assigned, you will see None in this entry), and file
space in use (in kilobytes).


Under the Trustee Information heading, you can see trustee assignment
information about users who have been given explicit assignments at this
directory level. The information includes their object name written in
fully distinguished name format, and their trustee rights in that
directory that have been assigned at this specific directory level. If
explicit rights are assigned at a different directory level, they won’t
appear at this level—you will only see what is explicitly assigned here.
You can use this information to see if users have more directory level
rights than they should have and at what directory level they have been
assigned.


For example, suppose .CN=eliebing.OU=Lab.O=megalith.T=BINARY shows that
user ELIEBING is logged in to the tree BINARY in the Lab Organizational
Unit, and has all rights assigned to him at the SYS:\USERS directory
level. This is due to a direct assignment to this directory level so the
user can act as a container administrator. However, if those trustee
rights do not match how you think trustee assignments should have been
designated to users, you can use this information to then look into group
or trustee equivalent assignments that can give this user the rights that
you see explicitly displayed at this directory level.


The eight NetWare trustee rights basically work the same whether they are
assigned for a directory or for a file. Here is a quick summary of what
these rights allow and when they should be granted.
Right: A (Access Control)
  Description: Allows users to grant and revoke trustee assignments to
  other users and groups in this directory or file. Users with the A right
  can also modify the Inherited Rights Filter for the directory or file.
  When to Grant: Grant this right to directories where users need to share
  directory/file access, or to users who manage other users or application
  access.

Right: E (Erase)
  Description: Allows users to delete existing files and directories.
  When to Grant: Users often need this attribute in home directories and
  other directories where they commonly store files.

Right: M (Modify)
  Description: Allows users to change file and directory attributes, or
  file and directory flags.
  When to Grant: Grant this right if you want a user to be able to change
  flags on files in this directory. Certain applications change file
  attributes as they run and need Modify rights to work properly, so you
  might have to experiment with the applications or utilities that are run
  in this directory to see if users need this right.

Right: S (Supervisor)
  Description: Allows users to give all rights to other users within this
  directory.
  When to Grant: Only grant this right to users who need to manage other
  users or applications within the directory (some applications insist
  that the installer have Supervisor access to the directory or be
  Supervisor equivalent).

Right: F (File Scan)
  Description: Allows users to search the directory for files and
  directories. If users don’t have this attribute to this directory,
  they'll see “File Not Found” when they type DIR in the directory.
  When to Grant: NetWare uses File Scan in conjunction with the Read right
  in order for users to be able to read and open applications in the
  directory. (Read and File Scan are the default rights users are granted
  for file access.)

Right: R (Read)
  Description: Allows users to read information that is contained in the
  designated directory.
  When to Grant: Read and File Scan are the default rights users are
  granted for file access.

Right: W (Write)
  Description: Allows users to write to a file within the directory.
  When to Grant: For users to actually write to a file or copy a file into
  this directory, they will need Write, Create, File Scan, and sometimes
  Modify (to modify file attributes).

Right: C (Create)
  Description: Allows users to create and write to new files as well as
  create new subdirectories.
  When to Grant: Users will also need the Read and Create rights if they
  are to re-open any files they close.


If you want users to be able to copy files, they will need at least Read 
and File Scan rights in the directory from which they are copying files, 
and at least Write, Create, File Scan, and sometimes Modify rights in the 
directory into which they are copying files. 


Salvaging Files through Portal 


Click on the “Select for List” link next to the Salvagable File entry to
see a list of the files that are salvagable in this directory (see
Figure 4). You can then either salvage or purge those files from the list
(either action takes them off the list) or simply purge all files in this
directory by clicking on the Purge All Files button.


If you purge all files in this directory, you will see no files listed if
you select the “Select for List” link. The next time you go to this
screen, you will see “None” listed after the Salvagable Files entry.


Figure 4: From the Portal and the FILER utilities, you can salvage and
purge deleted files that have not yet been purged from the server.
Working with Directories


Depending on what level you are at, you are also given three
directory/subdirectory choices: Delete Directory, Rename Directory, and
Create Subdirectory. You must have sufficient rights to perform these
creation or deletion actions (which is why we log in as Admin). If you
select the Delete Directory option, you will be asked to confirm the
deletion of the directory and its subdirectories. However, the directory
must be emptied of any existing files and/or subdirectories before you
can use this option. (Faster deletion of both files and directories can
be performed in DOS through the DELTREE command or through the Windows
Explorer utility.)


To select the Rename Directory option, first type the New Directory Name
that you want this directory to be called, then click on the Rename
Directory button to put that name into effect. The same goes for the
Create Subdirectory option: first type in the name of the new directory
you want to create at this level, then click on the Create Subdirectory
button to create the new directory and see it in its subdirectory
context. Click on the Back button to return to the directory structure
screen.


Directory Size. The Size column that you see when you select a
volume/directory reflects the size of all files in the directory as well
as all subdirectories below the present directory. This way, you can
click on a directory such as USERS and see the names of all of the users
and how much disk space they own—an easy way to find disk hogs.


To find out how much disk space is taken by a particular application,
just click on the application’s main directory and all subdirectories
will be included (except for any data files that are saved to a location
other than a subdirectory of the main directory). For example, by
clicking on the SYS volume, you can see that the SYS:\Java directory and
corresponding subdirectories are taking up about 30MB of disk space. The
SYS:\NDPS directory and its subdirectories are using 117MB, while
SYS:\PUBLIC and its subdirectories are using 98MB. (Your
directory/subdirectory sizes will vary.)


If you click on the SYS:\PUBLIC directory, you can see where most of the
disk space is being taken up. For instance, you can see that 49MB is
found in the SYS:\Public\Mgmt directory path. Going into the Mgmt
directory, you see that the SYS:\Public\Mgmt\CONSOLEONE directory and its
subdirectories are using 18MB, while the SYS:\Public\Mgmt\CertConsole
directory and its subdirectories are using about 16MB. If you want to use
Portal to find out how much disk space is being used in one particular
directory and subdirectories also exist there, you'll have to do some
math.


You can keep drilling to see how much disk space the files and
directories are taking up on any traditional NetWare volume. (This disk
space information is currently unavailable on NSS volumes.)


Directory Attributes. Clicking on a directory’s Attributes link shows you
the attributes that can be set at the directory level (see Figure 5).
Figure 5: This screen lists the attributes that you can set at the
directory level.


  /SYS/users

  Folder Attributes    Description
  System               If checked, this indictates a system file or folder.
  Hidden               If checked, this indictates that this file or folder
                       is excluded from normal directory searches.
  Archive              If checked, this indictates that the file or folder
                       needs to be archived.
  Immediate Purge      If checked, this indictates that when this file or
                       folder or the folder contents are deleted and are
                       unrecoverable.
  Don't Compress       If checked, this indictates that this file or the
                       contents of the folder cannot be compressed.
  Don't Migrate        If checked, this indictates that this file or folder
                       cannot be migrated to near line storage..
  Delete Inhibit       If checked, this indictates that this file or folder
                       cannot be deleted.
  Rename Inhibit       If checked, this indictates that this file or folder
                       name cannot be renamed.
  Immediate Compress   If checked, this indictates that this file or the
                       folder contents will be scheduled for compression.

  Buttons: OK, Reset


Traditional NetWare file system volumes display the directory’s
attributes, while NSS (Novell Storage Services) and CD-ROM volumes do not
allow you to change directory or file attributes at this time.


Date and Time. The date is the creation date and time for that designated
directory. The creation date and time are listed under the Date and Time
column on the far right of any directory you view through the Portal
utility.


File Information


At the bottom part of each directory and after subdirectories are
displayed, you will see the files that are contained in the directory.
Clicking on the Info icon to the left of a file brings up a screen that
allows you to view the file’s owner, the last time the file’s date and
time was modified, the file’s creation date and time, its last accessed
and archived date and time, its effective rights, its inherited rights
filter, as well as the file’s logical size and how much is presently in
use (see Figure 6).


Figure 6: Looking at the file information portion of a selected file.


  /SYS/ns-httpd.db

  File information
    Owner                         THE-MATRIX
    Creation date and time        08 Jun 1997 10:46 PM
    Last modified date and time   08 Jun 1997 10:46 PM
    Last accessed date and time   15 Mar 2000 01:00 PM
    Last archived date and time   None
    Effective rights              SRWCEMFA
    Inherited rights filter       SRWCEMFA
    Logical file size             131,072 Bytes
    Disk space in use             13,824 Bytes


Under the File Information portion of the screen, you'll see who has been
assigned as the owner of the file. By default this is the user who
initially created the file, but ownership is settable through the FILER,
NWAdmin, or ConsoleOne utility. In our example, the owner of file
NS-HTTPD.DB is the file system (server) itself, so it shows The-Matrix as
the owner.


After the owner of the file, you see the date and time the file was
created, along with the date and time the file was last modified,
accessed, or archived. (If the file has never been archived, you'll see
“None” in that date and time entry.) At the bottom of the File
Information portion of the screen, you'll see the logical file size in
its uncompressed state, as well as the disk space that it takes to store
the file in its compressed state. In this instance, the NS-HTTPD.DB file
is about 128KB in size, but only takes up 13KB when it is compressed. If
you were to turn compression off on this file or directory or volume, the
logical file size and the disk space in use should match.


The Inherited Right Filter presents you with the rights that could be
allowed at this level in the directory structure. In this case, it
applies down to the file itself, presenting you with the ability to
control file access through the file’s IRF. However, this is usually
performed through the directory IRF or through trustee assignments to
users and groups. The Effective Rights applies to the combination of
trustee assignments as they are applied to the file’s IRF.
Figure 7: Looking at the lock information on a selected file.


  Trustee information: None

  Global lock information:
    Use count:       4
    Open count:      4
    Open for read:   4
    Open for write:  4
    Deny read:       0
    Deny write:      0
    Not locked

  [The screen also lists file lock information by connection (lock status
  Open sharable, Not logged) and record lock information (lock status
  Open exclusive, Not logged) for four connections belonging to
  SUPERVISOR and ADMIN, followed by the Delete File and Rename File
  buttons.]


Trustee and Lock Information. At the bottom of the screen (see 
Figure 7), you can view trustee information about the file, the file’s glob- 
al lock information, and the file’s lock information or record lock infor- 
mation. You can also delete the file and rename the file. 


The Trustee Information screen shows those users/groups that have 
been given an explicit trustee assignment to this file at the file level. 
Because of their inclusive nature, trustee assignments are usually given 
at the directory level so they can affect access to all the files within the 
directory. This approach is easier to manage than explicit trustee assign- 
ments for each file, but you can assign trustee access at the file level if 
you need to. 


In Figure 7, we see the locking information about a particular file that 
is opened by an application that performs record locking. As seen under 
the Global Lock Information heading, the file is currently in use by four 
connections, with each connection keeping the file open, and the file is 
opened for both reads and writes. 


These are explicit opens, meaning that the application running at 
each connection keeps the file open until the file is explicitly closed. 
Explicit opens are mainly used by database applications and each connec- 
tion shown here is using the same database application. Other files may 
be opened by users at this time, but show up as File Not Open under the 
Global Lock Information heading. This is because the application may 
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open the file only when it initially 
reads the file and then closes it 
until modifications are saved to 
the file. Then the file is opened 
again, modifications are saved, 
and the file is immediately closed 
once again until the application 
saves more modifications. 


Since directory/file informa- 
tion in Portal is not updated on 
the fly, you would have to catch 
the file “in the act” of locking as 
Portal initially came up. Unless 
you click on a file that is opened 
through a record locking applica- 
tion, you won’t see Global Locking 
information. 


The File Lock Information By 
Connection portion of Figure 7 
shows the names of the users that 
currently have this file opened, 
the connection number that the 
NetWare OS assigned to these 
users when they initially authen- 
ticated with NDS, the task num- 
ber that is performing the file 
open, the lock status of the file, 
and the log status of the users 
who have the file open. 


There is a set of Lock Type flags. In that set, one bit is used to flag
whether the file is Open Shareable or Open Exclusive in the Lock Status
column. Under the File Lock Information screen, the Lock Status column
shows that the file is Open Shareable—in this instance, the whole file is
opened, but can be shared by other users as well. The files can be Logged
or Not Logged, meaning that if the file is flagged as logged, TTS
(Transactional Tracking Service) or its replacement is tracking usage of
the file. These mechanisms keep track of changes so the updates can be
“rolled back” if necessary to ensure integrity of the database.
Figure 8: This screen lists the attributes you can set at the file level on a Traditional NetWare volume.


File Attributes and their descriptions, as shown on the screen:

System: If checked, this indicates a system file or folder.
Hidden: If checked, this indicates that this file or folder is excluded from normal directory searches.
Archive: If checked, this indicates that the file or folder needs to be archived.
Immediate Purge: If checked, this indicates that when this file or folder or the folder contents are deleted and are unrecoverable.
Don't Compress: If checked, this indicates that this file or the contents of the folder cannot be compressed.
Don't Migrate: If checked, this indicates that this file or folder cannot be migrated to near line storage.
Delete Inhibit: If checked, this indicates that this file or folder cannot be deleted.
Rename Inhibit: If checked, this indicates that this file or folder name cannot be renamed.
Immediate Compress: If checked, this indicates that this file or the folder contents will be scheduled for compression.
Read Only: If checked, this indicates that this file cannot be deleted or modified.
Shareable: If checked, this indicates that this file may be used by multiple users at the same time.
Don't SubAlloc: If checked, this indicates that this file may not utilize sub-allocation for space saving.
Execute Only: If checked, this indicates that this file may only be executed as a program, no modifications will be allowed to the file.
Transactional: If checked, this indicates that Transactional tracking of data will be enabled.
Copy Inhibit: If checked, this indicates that this file may not be copied.


Under the Record Lock Information heading, you can see similar 
information: the User Name, Connection number, Task, Lock Status, and 
Log Status. Under the Record Start and Record End headings, you also 
see the exclusive record lock offset information that each connection has 
acquired within the file. 


If you need to release a shared file that somebody has in use, you can 
do this from the Portal utility as well. For this example, suppose you 
needed to clear the user Supervisor under Connection 21 from this file. Go 
to the Server Management | Connection option and click on the Clear 
button to the right of the Station (connection) number under the 
Connections portion of the screen. Then by selecting the shared file again 
and clicking on the File Information icon, you now see that the Use Count 
has been changed to one less. If you have ever had problems with a locked 
file or need to know who has a file locked, or if you want to get the file 
unlocked for others to use, you can use this procedure to resolve these 
issues very quickly. 


Deleting and Renaming Files. From the Info icon screen, you can also
delete and rename files from within the Portal utility. (You must have
sufficient rights to perform these actions.) To delete a file, click on the
Delete File button found at the bottom of the File Information screen. You
will then see a confirmation page asking if you are sure that you want to
delete the selected file. Clicking the Yes button returns you to the
Directory/File management screen. However, you won’t see the file deletion
change until you leave and go back into the Portal utility. If you click on
the file while it still appears, you'll see a “The document contained no
data” message. 


To rename a file, first type in 
the New File Name that you want 
this file to be called, then click on 
the Rename File button to put 
that name into effect. However, 
you won’t see the file name 
change until you leave and go 
back into the Portal utility again. 
If you click on the file while it still 
appears under its old name, you'll 
see a “The document contained no 
data” message. 


File Attributes. Clicking on the Attributes column for a file shows you
the attributes that can be set at the file level (see Figure 8).
Traditional NetWare file system volumes display the file’s attributes, as
do NSS and CD-ROM volumes; however, as stated before, NSS and CD-ROM
volumes do not allow you to change their directory or file attributes. 


Date and Time. The date is 
the creation date and time for 
that designated file. The creation 
date and time are listed under the 
Date and Time column on the far 
right of any file you view through 
the Portal utility. However, you 
can change a file’s date and time 
stamp if you need to through the 
FILER or the NWAdmin utility. 


Using the Upload Button 


If you need to copy some files to a 
NetWare volume or directory or to 
the server’s local hard disk drive, 
click on the Upload button at the 
top of the initial Directory/Volume 
screen. From the Browse button, 
select the directory and the file 
that you want to upload (see 
Figure 9). Then click on the 
Upload button. 
Figure 9: You can browse for the file you wish to load, then click the Upload button. (The screen reads “Choose the file to upload to /SYS:” and has a Browse button and an Upload button.)


Those files that won’t be displayed or opened through the browser will 
bring up the Save As window that will allow you to copy the file to another 
directory. You simply click on the file, then select the directory that 
you wish to copy the file into, and click on the Save button. Again, for 
large file operations, it’s best to use a more fitting utility, such as 
Windows Explorer. 


Copying Files to the Server’s Local Disk Drive 


Through the Portal utility, you can also view the server’s local C: drive. 
By clicking on the C:\ drive under the Local Server Partitions section of 
Portal’s initial Volume Management screen, you'll see a screen similar to 
the one shown in Figure 10. 


The information displayed about files is limited to DOS capabilities, 
so you don’t see a lot. For instance, you cannot click on the directory or file 
icons to the left of directories and files in order to see their information. 
The Size column only shows file sizes; for directories, it displays “[dir]”. 
If you click on the Attributes column for a directory, you will see three 
entries: System, Hidden, and Archive, the three attributes that DOS supports 
for directories. If you click on the Attributes column for a file, you'll 
have five entries: System, Hidden, Archive, Read Only/Read Write, and 
Shareable. These are the attributes that DOS supports for files. Most files 
you will see are flagged A,Rw, which is designated as a Read/Write file 
that is flagged to be archived. 


Figure 10: Looking at the server's local partition information. 


Clicking on Files 


Depending on the type of file, you may be able to see that file’s contents 
by simply clicking on it. For instance, clicking on a *.JPG file displayed 
that file from within the Web browser. Of course, this depends on how you 
have your browser configured to display files. Other types of files may be 
configured to either run in the browser or the browser will call up an 
application to view the file’s contents. Text files may actually be editable 
and you can then save the changes to the file. 


The last two columns are Date and Time and 
Delete. The date is the creation date and time for that 
designated file or directory. The Delete column at the 
far right allows you to easily delete a file (not available 
for directories). By clicking on the Delete button to the 
right of any file you will see the “Are you sure you want 
to delete the file filename?” message. Clicking OK 
deletes the file, while clicking Cancel terminates the 
deletion process. File deletion depends on how the file 
is presently flagged—you may need to change a file’s 
flag from RO or SY or H to RW in order to delete it. 


You can use local server drive access to update 
server files. For example, suppose you are on a 
Windows workstation and you wanted to copy an 
updated driver that you copied to this workstation’s 
hard disk drive or to a network drive into the 
C:\NWSERVER\DRIVERS directory on server THE- 
MATRIX. By being logged in to the server so you have 
access to that server’s C: drive and by going to the 
NWSERVER\DRIVERS directory, you can then click 
on the Upload button. 


At the “Choose the file to upload to C:\NWSERVER\DRIVERS” screen, you 
next choose the file that you wish to upload through the Browse button on 
the right-hand side. Clicking on the Browse button brings up the File 
Upload screen, where you can browse and designate which file you wish to 
upload (as well as file type). Once selected, the file name and path are 
placed in the path window; click on the Upload button to copy the file. 
You will then return to the directory you were initially in. The file 
should appear as well. If the file already exists, it is simply 
overwritten (depending on how the file is flagged). 


Next Time 


The next Beyond the Basics article will start looking 
at the Server Management option on the initial 
NetWare Management Portal utility screen. The 
topics we’ll be discussing include Connections, 
Memory Management, SET Parameters, System 
Resources, Profiling and Debug Information, System 
Statistics, Scheduled Console Commands, Screens, 
and Options to down the server. 


—Edward Liebing, Senior Editor, 
Novell AppNotes 
Directory Primer 


What Is a Directory Service? 


So far in this article series, I’ve explained why you would want a 
directory service and what we mean when we refer to an X.500 directory 
service. Starting with this article, I will explain directory service 
concepts for those of you who want to understand exactly what a directory 
service is and how it works. 


Sara Radicati, founder of the Radicati Group and 
an editor of the X.500 standard, states in her book 
X.500 Directory Services Technology and Deployment, 
that Novell Directory Services (NDS) “uses the exact 
X.500 design specification for the naming model, 
directory database and the server to server opera- 
tions. Yes, all of the features and functions described 
in the X.500 standard are implemented in NDS. 
NDS, however, provides significant functionality 
beyond the X.500 specification, providing a complete 
networking infrastructure that links users to net- 
work services, applications and data.” So, the basic 
directory concepts I explain in this series usually 
apply both to NDS and to the 1993 edition of the 
X.500 specification. 


Inside the Name Space 


Directory services have been around for several 
years, mainly in the enterprise environment. A 
directory service allows you to more easily manage 
your network resources. (As a directory service, 
NDS is a globally accessible, distributed database 
of objects that represent network resources, such 
as network users, servers, printers, print queues, 
and applications.) 


Basically, a directory service maps the names of 
network resources to their respective network 
addresses. This enables a user to find a network 
resource by simply knowing its name. The user 
doesn’t have to know the resource’s address or its 
physical location on the network. Applications can 
also use a directory service’s database. For example, 
an email application can use a directory service data- 
base for names and addresses. 


A directory service also defines the naming struc- 
ture, or name space, for the network. A naming struc- 
ture is a set of rules that specifies how all network 
resources are named and identified. The rules ensure 
that each entity has a unique 
name and that no names are iden- 
tical. The directory service main- 
tains a correspondence between 
each network name and address. 
If a resource’s address changes, 
its name can remain the same. 
The network administrator 
simply changes the resource’s 
address on its object in the direc- 
tory service’s database. And, 
because each network resource 
only has one object, the network 
administrator only has to make 
this change once in order for any 
server or user to locate it. 


This means that applications 
and network users only have to 
know the name of any resource 
they need in order to locate it. 
Without a directory service, 
network administrators have to 
change the resource’s address in 
the database of every server that 
must use it. Users and applica- 
tions would have to know which 
servers have the information in 
order to locate the resource. 


More Than Just Names 


Even though the naming and 
locating of network resources is a 
directory service’s primary func- 
tion, the database can store other 
information about the network 
configuration and resources. 
Because each resource has an 
object, and each object has attrib- 
utes, the directory service can 
store any information about the 
resource that the network applica- 
tions or the network users would 
find useful. 


For example, User objects can 
store cell phone numbers, pho- 
tographs, salary information, 
employee ID, and home addresses. 
Information held by an object’s 
attribute can also be made 
secure so that restricted infor- 
mation can only be viewed by 
objects and users that have 
the correct security. You can 
modify the schema (set of 
rules that govern objects and 
attributes) to reflect the specif- 
ic needs of your network and 
applications. Applications can also 
modify the schema for their spe- 
cific needs. 


Summary 


In short, a directory service uni- 
fies all the network resources. A 
directory service enables users, 
administrators, and applications 
to think in terms of the entire net- 
work instead of the individual 
servers. In other words, instead of 
having to log in to several differ- 
ent servers and having to know 
which servers hold the printers, 
or which servers contain your 
authentication information, you 
simply log in to the network and 
use the printers on the network. 
The servers that are servicing the 
printers or holding your authenti- 
cation information are transpar- 
ent to you. In fact, because a 
directory service can be imple- 
mented as a distributed database, 
multiple servers could have the 
network information, providing 
fault tolerance, redundancy, and 
reducing network traffic. It no 
longer matters to you which 
server is logging you in. 


In the next article in this 
series, I'll describe NDS’s distrib- 
uted database and how it can be 
implemented as a replicated and 
partitioned directory. 
Quick Tips 


Maximum Physical 
Receive Packet Size 


Some people lower the value for the “Maximum Physical Receive Packet 
Size” parameter to a value lower than the default value. For cards based on 
Intel's Ethernet PCI chips, a minimum value of 2048 is required. 
Otherwise, network performance may suffer or the driver may not work at 
all. These recommendations are true for the following drivers: 


• E100B.LAN and CE100B.LAN (Intel) 

• HPTX.LAN and CHPTX.LAN (HP) 

• IBMFE.LAN and CIBMFE.LAN (IBM) 

• N100.LAN (Compaq) 


This information is included in 
TIDs 2953560 or 2953561. 


Novell Language Codes 


To find the language codes used 
by NetWare 5 servers, type 
“Language List” at the server con- 
sole screen. Here is a list of the 
codes for your convenience: 


Chinese (Simplified) 
French (Canadian) 
French (France) 


—Nancy McLain, 
Senior Research Engineer, 
Novell AppNotes 
Software Virtual Servers on 
Netscape Enterprise Servers 


If you want to have multiple unique domain names supported by your Web 
server but only want to have one IP address associated with that server, 
you will need to set up a software virtual server. Here’s how to set this up. 


1. Set up the directories for the various Web sites under the document 
root (the document root on the Netscape Enterprise Servers is 
sys:/novonyx/suitespot/docs). Make a directory here for each of the new 
domains you want to host (for example, sys:/novonyx/suitespot/docs/domain1 
and sys:/novonyx/suitespot/docs/domain2). 


2. Go into the Web Server Administration screen and get to the place 
where you set up the virtual servers. (Select the Content Management 
tab from the menu across the top of the window, then click Software 
Virtual Servers.) 


3. In the URL Host field, type the URL for your hosted domains (for 
example, www.domain1.com). 


4. In the Home Page field, type the path to the home page for the domain 
(for example, INDEX.HTML). 


5. Click OK, then Save and Apply. 


One glitch here is that only the INDEX.HTML file in the 
sys:/novonyx/suitespot/docs/domain1 directory can be accessed with 
http://www.domain1.com/. All the other files under the directory must 
be accessed with /domain1/ added to the URL. So, if the 
sys:/novonyx/suitespot/docs/domain1 directory contains Index.html, 
Bio.html, Order.html, and the Images directory, a link reference in 
the Index.html page to open the bio page would look like this: 


<a href="/domain1/bio.html">Bio Page</a> 


—Material provided by 
Michael Spong, Everett Young, and 
Theresa Husarik of Novell 


NetWare 3.x End-of-Life Announced 


Novell has announced that the NetWare 3.x product line will reach 
end-of-life on October 31, 2000. No orders for the NetWare 3 operating 
system will be processed after October 31, and support will enter 
maintenance phase on that date. 


To allow Novell Technical Services to dedicate additional resources to 
supporting the most current Novell products, incident-based support for 
NetWare 3.11 was discontinued on January 31, 1999, and incident-based 
support for NetWare 3.12 will be discontinued on May 1, 2000. 
Incident-based support for NetWare 3.2 will continue until October 31, 
2000. Other options for NetWare 3 support that will continue to be 
available after October 31 include: 


• Electronic support information on the Support Connection 
Web site at http://support.novell.com. 


• Novell Support Connection Web Forums at 
http://support.novell.com/pforum. 


• Novell Support Connection CD, which can be ordered online at 
http://support.novell.com/additional/cd-subscribe.htm. 


After October 31, NetWare 3.x support will be in maintenance phase for 3 
months, during which time full support will be provided in the areas of 
planning, design, implementation, and management, but defect support 
will be limited to critical defects. 


After that, support will enter the mature phase for 12 months, during 
which time defect support of any kind is discontinued. Following this 
12-month period, all support will be discontinued except Web-based 
access to whatever technical information or patches already exist on 
the support Web site. 


In order for customers to continue receiving the highest levels of 
product support and reap the business value of new product enhancements, 
Novell recommends that you upgrade your NetWare 3.x operating systems as 
quickly as possible. For small businesses with one server and less than 
50 workstations, the Novell Small Business Suite 5 provides a 
feature-rich solution at a great price. For medium to large and 
enterprise customers with multiple servers at one or more sites, 
NetWare 5.1 is the ideal choice. 


Note that this end-of-life announcement does not affect Japan or India, 
where Novell joint ventures manage the life cycle of products in those 
countries. Nor will it affect China, Korea, or Taiwan NetWare 3.2 KCC is 
not due to be discontinued. 


If you have questions or concerns about your continued support needs, 
contact your Novell Technical Services representative. For more 
information about upgrading Novell products, contact your Novell Sales 
Representative or the Novell Customer Response Center at 1-888-321-4272 
(in the U.S. and Canada) or at 801-228-4272 (outside the U.S.). 


Managing Editor, 
Novell AppNotes 
Novell, Inc. MS PRV E-242 
122 East 1700 South 
Provo, UT 84606 U.S.A. 
(801) 861-4123 
kneff@novell.com, tduncan@novell.com, 
or eliebing@novell.com 
Novell's technical support gurus answer your most pressing questions 


Dear Ab-end: I’m trying to automate the assigning of a PC manufactur- 
er’s service code to be used as an NT workstation’s machine name after it 
has been imaged. I have most of the pieces in place, but a search of the 
registry on my test PC found 16 instances of the machine name/service 
code. I know some of these are volatile and some are not. The routine to 
replace all of them would be pretty ugly, so I’m trying to get it down to 
just a few entries. Do you know of any registry experts who can give me 
some feedback on this? 


—Feelers Out in Fredonia 


Dear Feelers: According to Andrew Hill of Novell Consulting, when 
you actually change this through Control Panel, the following key 
gets modified: 


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName] 
"ComputerName"="ZB7ZV" 


The following key stays the same: 


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName] 
"ComputerName"="ZB7ZV" 


This is because the new name is not “active” until the next 
boot. It should flip over when you reboot. 


The following key deals with the setting on the DNS tab 
of your TCP/IP Protocol properties, which is the same name: 


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] 
"Hostname"="Zb7zv" 


Hope this helps! 


Dear Ab-end: I am a new network administrator for a 
NetWare 5.1 network and I’m trying to get a handle on how 
this TCP/IP stuff works in NetWare. Is there a way to quickly 
find out the server’s IP address without having to go to each 
server on the network? 


—Stumped in Saskatchewan 

Dear Stumped: One of the quickest ways to see this information is to go 
to the server console and type CONFIG <Enter>. There you will see the 
IP address and your IPX address if installed, but you do have to go 
to each server to see this information. If you have remote access set 
up, you can attach to the servers remotely and type the Config 
command on each one, but this is also time consuming. 


If you are logged in to your 
NetWare 5.1 server from a 
Windows 95/98/NT/2000 worksta- 
tion, click on the Network 
Neighborhood icon. On each of the 
server icons that appear in the 
Network Neighborhood screen, 
you can right click and select the 
Properties entry. You will see a 
screen similar to the following: 


[Figure: Properties screen for server WILDWILDWEST (Novell NetWare 5.00h), with Company, NDS Name, and Member of NDS Tree fields.] 


Here you see not only the IPX 
address (if there is one assigned) 
and the IP address, but you can 
also see the DNS servername 
resolution for that IP address. 
You can perform this search on 
each NetWare 5 server you are 
attached to, or that appears in the 
Network Neighborhood screen. 


Dear Ab-end: Does anyone know 
how to stop an anonymous bind 
from accessing NDS? From what 
I understand, the proxy user 
rights should apply. But the only 
way I can get “no information” is 
to remove Public’s rights. Is this 
correct? 


—Anxious in Ann Arbor 


Dear Anxious: This is a problem in the current version of NDS, but it 
should be fixed in a future release of NDS eDirectory. In the meantime, 
you have to constrain Public access very tightly with Public Access 
Rights. Here is a note from the LDAP engineering team at Novell to 
further illuminate this problem. 


“Changes were incorporated 
in the coming release of Directory 
Services that will tighten up the 
application of Access Rights. 
Public Compare rights on attrib- 
utes must be granted in order for 
these objects to be seen by a user 
with an anonymous LDAP connec- 
tion. For example, if the Netscape 
address book is used to access the 
directory, only user objects that 
have Public Compare rights 
granted to them on all attributes 
in the LDAP search filter will be 
returned. 
“By default, the upcoming release of NDS 8 ships without Public 
Compare rights granted. Thus, if the administrator doesn’t explicitly 
grant Public Compare rights to the attributes of user objects, the LDAP 
applications will not be able to see any users. Previous versions of NDS 8 
did not use these tight controls. Thus, anonymous LDAP queries returned 
all matching users by default. 


“The following steps will allow you to grant only Public Compare 
rights in ConsoleOne. 


1. Invoke ConsoleOne and select the tree you are interested in. 


2. Right-click on the tree and select Properties. The “Properties of 
<Treename>” window will appear. 


3. Select Public from the list in the “Trustees of this Object” page under 
the “NDS Rights” tab. 


4. Click the Assigned Rights button to bring up the “Rights Assigned to 
Public” window. 


5. Click the Add Property button. 


6. Select [All Attribute Rights] from the list. 


7. Click OK to return to the “Rights Assigned To Public” window. 


8. Make sure that only the Compare right is checked in the right-hand 
box when [All Attribute Rights] is selected from the list on the left side 
of the window. By default, both the Read and Compare rights are 
checked. If you leave Read rights checked, anyone who comes in on an 
anonymous LDAP connection can read any piece of data in your 
directory. Take this out. Once you are satisfied with your rights selection, 
click OK to return to the “Properties of <Treename>” window. 


9. Click Apply or OK to apply the newly selected rights. 


“A network administrator may want to further control the attributes that 
can be checked using a public connection. If you desire further control, 
follow the above procedure to explicitly grant Compare rights to the 
attributes to which you would like the Public object to have, instead of 
selecting All Attribute Rights. Be sure to grant Compare rights to all of 
the attributes that are used in LDAP search filters from your application. 
For example, the Netscape address book will require Compare rights on CN 
(Common Name) and mail attributes. Outlook Express may require rights 
on other attributes.” 
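

The rule in the note above (an anonymous search only returns objects when Public has Compare on every attribute in the search filter) can be checked before rights are tightened. The following is an added example, not Novell code: it parses LDAP filter strings, lists the attributes each one references, and compares them with a rights table. The filter strings, application names, and rights tables are constructed samples, and the model ignores inheritance and per-object trustee assignments.

```python
import re

ALL_ATTRS = "[All Attribute Rights]"  # the ConsoleOne list entry named in the steps above

# Start of a simple filter item: attribute description, an optional
# extensible-match part (":dn:rule:"), then the comparison operator.
_ITEM = re.compile(r"\s*([A-Za-z0-9][A-Za-z0-9.;-]*)\s*(?::[^=()]*)?(~=|>=|<=|=)")


def filter_attributes(ldap_filter):
    """Return the lower-cased attribute names referenced by an LDAP filter string."""
    text = ldap_filter.strip()
    attrs = set()
    end = _parse(text, 0, attrs)
    if end != len(text):
        raise ValueError("unexpected text after filter at offset %d" % end)
    return attrs


def _parse(s, i, attrs):
    """Parse one parenthesised filter starting at s[i]; return the offset after it."""
    if i >= len(s) or s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if i < len(s) and s[i] in "&|":          # AND / OR: one or more sub-filters
        i += 1
        if i >= len(s) or s[i] != "(":
            raise ValueError("empty AND/OR list at offset %d" % i)
        while i < len(s) and s[i] == "(":
            i = _parse(s, i, attrs)
    elif i < len(s) and s[i] == "!":         # NOT: exactly one sub-filter
        i = _parse(s, i + 1, attrs)
    else:                                    # simple item such as cn=*smith*
        m = _ITEM.match(s, i)
        if not m:
            raise ValueError("bad filter item at offset %d" % i)
        attrs.add(m.group(1).split(";")[0].lower())   # drop options like ;lang-en
        i = s.find(")", m.end())             # literal ')' in values must be escaped
        if i == -1:
            raise ValueError("unterminated filter item")
    if i >= len(s) or s[i] != ")":
        raise ValueError("expected ')' at offset %d" % i)
    return i + 1


def audit_public_rights(app_filters, public_rights):
    """Compare the filters applications send with the rights granted to Public.

    app_filters:   {application name: LDAP filter string}
    public_rights: {attribute name or ALL_ATTRS: set of rights, e.g. {"Compare"}}
    Returns a dict with:
      read_exposed    - entries where Public holds Read (readable anonymously)
      missing_compare - per application, filter attributes lacking Compare
                        (such a filter returns no objects to an anonymous bind)
    """
    rights = {name.lower(): set(r) for name, r in public_rights.items()}
    blanket = rights.get(ALL_ATTRS.lower(), set())
    report = {
        "read_exposed": sorted(n for n, r in public_rights.items() if "Read" in r),
        "missing_compare": {},
    }
    for app, flt in app_filters.items():
        needed = filter_attributes(flt)
        report["missing_compare"][app] = sorted(
            a for a in needed
            if "Compare" not in blanket and "Compare" not in rights.get(a, set())
        )
    return report


# Constructed sample data (assumptions, not taken from any real client).
SAMPLE_FILTERS = {
    "address book": "(|(cn=*smith*)(mail=*smith*))",
    "phone lookup": "(&(objectClass=inetOrgPerson)(!(telephoneNumber=*))(sn~=smyth))",
}
DEFAULT_RIGHTS = {ALL_ATTRS: {"Read", "Compare"}}          # Read and Compare both checked
PER_ATTRIBUTE_RIGHTS = {"CN": {"Compare"}, "mail": {"Compare"}}

if __name__ == "__main__":
    for label, table in (("default", DEFAULT_RIGHTS), ("per-attribute", PER_ATTRIBUTE_RIGHTS)):
        print(label, audit_public_rights(SAMPLE_FILTERS, table))
```

A non-empty missing_compare list for an application means its anonymous searches will come back empty until Compare is granted on those attributes; a non-empty read_exposed list marks the entries where Read should be unchecked.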


Dear Ab-end: Do you know what TCP/IP ports 427 and 524 are used for? 
I’ve just put up a personal firewall on my PC so I could control my DSL 
(Digital Subscriber Line) connection, but I keep getting stuff from these 
ports and I’m wondering what they are. 


—Portly in Portland 
Dear Portly: Robert Hannan of Novell Consulting 
provides the following list: 


• TCP 524—NCP Requests—Source port will be a 
high port (1024-65535) 


• UDP 524—NCP for time synchronization—Source 
port will be a high port 


• UDP 123—NTP for time synchronization—Source 
port will be the same 


• UDP 427—SLP Requests—Source port will be the 
same (427) 


• TCP 427—SLP Requests—Source port will be the 
same (427) 


• TCP 2302—CMD—Source port will be a high port 


• UDP 2645—CMD—Source port will be the same 
(2645) 


For a list of all well-known ports, refer to the following: 


http://www.con.wesleyan.edu/~triemer/network/docservs.html 

Dear Ab-end: I work for a computer manufacturer, 
and we were told by a consultant that we need a refer- 
ence server for time synchronization for our cluster 
technology. However, I read in TID #2930686 that this 
is not the case, so we are basing our configuration on 
that. My question is, if you have a single reference 
server in the cluster, what happens if that reference 
server goes down? 


—Skeptical in Skagway 


Dear Skeptical: According to Robert Wipfel of the 
Core Operating Systems team at Novell, there is no 
relationship between clustering and time synchroniza- 
tion. You should configure time synchronization exact- 
ly as you would for a regular network of file servers. 
So just forget there is even a cluster there, as it has no 
impact on or relationship with time synchronization. 
Dear Ab-end: I’ve been to BrainShare and Comdex 
and have seen your customized login splash screens 
at the Novell Connecting Points. I want to do some- 
thing similar on my company’s network. We are 
using Client 32 for Windows 95/98 and Windows NT. 
Can you clue me in on how this is done? 


—Being Like You in Pennsylvania 


Dear Being: Patrice Clement, Client Backline 
Engineer in the Novell European Support Center, 
writes the following: “For the Novell Client 3.1 for 
Windows 95/98, the NWDRVLGO.BMP file is the 
login splash bitmap. You can replace this with any 
other bitmap you want; there don’t seem to be any 
size or color depth restraints. Simply rename your 
new bitmap to NWDRVLGO.BMP, and you are off 
and running. 


“For the Novell Client 4.6 for Windows NT, it is 
even better since there is a setting in the Client 
Properties | Advanced Login tab which points to the 
NWELCOME.BMP file. You can change that to point 
to any bitmap file you want. In addition, you can also 
define the title of the dialog (“Begin Login” by 
default) to something different. Even better, you can 
use ZENworks to control such features through an 
NT Workstation Package | Client Configuration 
Policy. That way, you can define different bitmaps for 
different groups of workstations if you want.” 


Robert Koestler of Novell Channel Support in
Dusseldorf writes further: “On Windows NT, there
are even more possibilities. You can replace the
‘Press Ctrl+Alt+Del’ picture which is shown after the
NWELCOME.BMP. To replace this banner, use the
following registry settings in key Path:
HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Login\Banner:


• String value: Image


This is the path to a .BMP file that will be used for
the banner. The true width of the banner is determined
by the font being used. Larger fonts will
allow wider bitmaps. It is suggested that the width
of the image not exceed 400 pixels. The height of
the banner is dynamically determined at run time so
any reasonable size may be used. If an Image is
not set, no banner will be shown.


• String value: Brush


This is the path to a .BMP file containing an 8x8
pixel bitmap. This pattern will be used to paint the
background of the banner. If Brush is not set, the
background will be drawn the same color as
buttons.


• String value: Color Scheme


This is the path to a .BMP file containing a 3x1
pixel bitmap. The pixel at 1,1 will be used for the
“transparent” color. That is, any pixel in the image
file that is this color will be painted as transparent.
The pixel at 2,1 will be used as the highlight color.
The pixel at 3,1 will be used as the shadow color
when drawing the 3D level effect on the banner. If
the Color Scheme setting is not set, there will be no
transparency and the 3D effect will be drawn using
the system defined colors for 3D highlight and
shadow.


• DWORD value: Stretch


0 leaves the bitmap “as is” when painting it. 1 causes
the bitmap to be stretched horizontally to fit across
the window. If the Stretch setting is not set, there
will be no stretching.”
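

A pre-deployment check for the banner bitmaps described above, as an added example that is not part of the original column and not Novell's own code: it reads each BMP header and tests the file against the dimensions quoted for the Image, Brush and Color Scheme values, and the Stretch value against 0 or 1. The function names and the in-memory sample bitmaps are constructed for illustration.

```python
import struct

# Dimension rules taken from the quoted description of the values under
# HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Login\Banner.
RULES = {
    "Image": {"max_width": 400},        # "suggested" limit on banner width
    "Brush": {"exact": (8, 8)},         # background pattern
    "Color Scheme": {"exact": (3, 1)},  # transparent / highlight / shadow pixels
}


def bmp_dimensions(data):
    """Return (width, height) in pixels read from a BMP file's header bytes."""
    if len(data) < 26 or data[:2] != b"BM":
        raise ValueError("not a BMP file")
    (dib_size,) = struct.unpack_from("<I", data, 14)
    if dib_size == 12:            # old OS/2 core header: unsigned 16-bit sizes
        width, height = struct.unpack_from("<HH", data, 18)
    elif dib_size >= 40:          # Windows info header: signed 32-bit sizes
        width, height = struct.unpack_from("<ii", data, 18)
    else:
        raise ValueError("unsupported DIB header size %d" % dib_size)
    if width <= 0 or height == 0:
        raise ValueError("invalid dimensions %dx%d" % (width, height))
    return width, abs(height)     # a negative height only means top-down rows


def check_banner_bitmap(value_name, data):
    """Return a list of problems for one value's bitmap (empty list = OK)."""
    if value_name not in RULES:
        return ["unknown value name %r" % value_name]
    try:
        width, height = bmp_dimensions(data)
    except ValueError as exc:
        return ["%s: %s" % (value_name, exc)]
    rule = RULES[value_name]
    problems = []
    if "exact" in rule and (width, height) != rule["exact"]:
        problems.append("%s: expected %dx%d, got %dx%d"
                        % ((value_name,) + rule["exact"] + (width, height)))
    if "max_width" in rule and width > rule["max_width"]:
        problems.append("%s: width %d exceeds suggested %d pixels"
                        % (value_name, width, rule["max_width"]))
    return problems


def check_stretch(value):
    """Stretch is a DWORD; only 0 (as is) and 1 (stretch) are described."""
    if value in (0, 1):
        return []
    return ["Stretch: expected 0 or 1, got %r" % (value,)]


def make_bmp(width, height, rgb=(192, 192, 192)):
    """Build a constructed 24-bit uncompressed BMP in memory (sample input)."""
    row = bytes(rgb[::-1]) * width          # pixels are stored as B, G, R
    row += b"\x00" * (-len(row) % 4)        # each row is padded to 4 bytes
    pixels = row * height
    file_header = struct.pack("<2sIHHI", b"BM", 54 + len(pixels), 0, 0, 54)
    info_header = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24,
                              0, len(pixels), 2835, 2835, 0, 0)
    return file_header + info_header + pixels


if __name__ == "__main__":
    # Constructed samples: an over-wide banner, a valid brush and color scheme.
    samples = {
        "Image": make_bmp(640, 60),
        "Brush": make_bmp(8, 8),
        "Color Scheme": make_bmp(3, 1),
    }
    for name, data in samples.items():
        print(name, check_banner_bitmap(name, data) or "OK")
    print("Stretch", check_stretch(1) or "OK")
```
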
Publications List


Novell Research is a program through which Novell publishes
technical information about designing, implementing, administering
and managing computer systems based on NetWare
and other Novell products. Publications produced through this
program include Novell AppNotes and Novell Research Reports.
A sister publication, Novell Developer Notes, is available
covering topics of interest to network application developers
and programmers.


Novell AppNotes 


Novell AppNotes (formerly Novell/NetWare Application Notes) 
is Novell’s monthly technical journal. Each issue contains 
articles that cover various aspects of designing, implementing, 
administering, and integrating NetWare-based systems. 


Subscriptions. An annual subscription to Novell AppNotes 
includes 12 monthly issues, plus access to electronic AppNotes 
on the World Wide Web. Subscription pricing is currently 
$110.00 per year inside the U.S., and US$150.00 outside the
U.S. Discounts are available for bulk subscriptions (10 or more 
subscriptions delivered to the same mailing address). Contact 
Novell Developer Information for details. 


AppNotes on CompuServe. As of April 1, 1998, electronic 
subscriptions to AppNotes on CompuServe are no longer 
available. Access will be maintained for current subscribers for 
a limited time to allow a switchover to the content on the 
Novell Research World Wide Web site. 


Novell Research Web Site. For more information on 
Novell Research publications and online content availability, 
visit our web site at http://www.novell.com/research.


Back Issues. Past Novell Research publications can be 
ordered as back issues, subject to availability. Back issue 
pricing is as follows: 


Quantity        Price Per Copy

1-9 copies      $15.00/copy inside the U.S. (includes s&h)
                $20.00/copy outside the U.S. (includes s&h)

10-49 copies    $9.00/copy, plus s&h

50-99 copies    $7.00/copy, plus s&h

100+ copies     $5.00/copy, plus s&h


Shipping and handling (s&h) costs vary depending on weight 
of package, carrier, and speed of delivery desired by the 
customer. Rush fee is $5.00 per order. To request additional 
copies of past AppNotes, use the order form included in each 
AppNote issue. 
Back Issue Bundles. A bundle includes all AppNotes
printed in that year, subject to availability. For pricing, see the 
chart below. Bundle prices do not include shipping and 
handling charges for orders shipped outside the U.S. 


1997 AppNote Bundle 
164-000052-000 
US$ 100.00 


Includes Jan 97 through Nov/Dec 97, 
featuring three special issues: Windows 
NT and NetWare Integration (April 97), 
IntranetWare Client for Windows NT 
(May 97), and Class C2 Level Secure 
Networking with NetWare 4.11 
(Nov/Dec 97). 


1996 AppNote Bundle 
164-000050-000 
US$ 100.00 


Includes Jan 96 through Dec 96, 
featuring three special issues: NetWare 
Client 32 for DOS/Windows 3.x (May 
96), NetWare 4.11 (Oct 96), and 
NetWare Client 32 for Windows 95 
(Nov 96) 


1995 and previous bundles


Hard-copy back issue bundles are no
longer available. Visit the Novell
Research web site for electronic
access to back issues.


Novell Research Order Desk 


To order subscriptions or back issues, mail or fax the order 
form at the back of this AppNote edition, or call the Novell 
Research Order Desk directly: 


Phone: 800-377-4136 (in the U.S. and Canada)
       303-297-2725 (all other locations)

Novell Research Order Desk
1601 Park Avenue West
Denver, CO 80216


All orders must be prepaid. Checks and major credit cards are
accepted. Prices are subject to change without notice.


Novell Developer Notes 


Novell Developer Notes are available to registered members of 
the Novell DeveloperNet program. Non-members can obtain 
Developer Notes on a subscription basis. See the Novell 
Research Order Form at the back of this issue for details. 


Novell Research Publications 


For information on how to order these publications, refer to the Novell Research Order Form. Prices for reprints are US$15 per 
copy in the United States, US$20 per copy in all other locations. Price includes shipping and handling. To obtain a complete, 
updated list of publications, call the Novell Research Order Desk at 800-377-4136. Outside the U.S. and Canada, call 303-297-2725. 
Or send e-mail to appnotes@hibbertco.com. 


Novell AppNotes (formerly Novell/NetWare Application Notes)
Date Part Number Titles 


May 00 464-000060-005 Standardizing Network Server Configurations with Server Policies in ZENworks for Servers 
NDS eDirectory Design, Implementation, and Maintenance Guidelines 
Enabling Roaming Lotus Notes Users with ZENworks for Desktops 
Configuring BorderManager Authentication Services for Use with ActivCard Tokens 


Apr 00 464-000060-004 An Introduction to NDS Corporate Edition 
Understanding and Configuring SLP Directory Agents (DAs) and Scopes 
Troubleshooting and Diagnosing NetWare 5.1 Server Problems Through the NetWare Management 
Portal Utility 
Implementing Software Metering with ZENworks 


Mar 00 464-000060-003 Providing Web Services on the Internet: Why I Chose NetWare 5 Over Windows NT and Linux 
An Introduction to ZENworks for Servers 
Novell Internet Messaging Service (NIMS) Configuration Tips 
What's New in ManageWise 2.7 
Protecting NDS from Malicious Internal Attacks with NetVisions’ DirectoryAlert 


Feb 00 464-000060-002 Novell's Support for Windows NT, Windows 2000, and Active Directory 
Understanding Novell’s Single Sign-On 
How to Set Up and Use Remote Control with ZENworks 1.1 and 2.0 
A Strategy for Migrating to Novell Distributed Print Services in a Pure IP Environment 


Jan 00 464-000060-001 What’s New in NetWare 5.1: The Complete Solution for Web-Based Networking 
Rolling Out NetWare 5.1 with the NetWare Deployment Manager 
Upgrading Novell Client Software Across the Network Using ACU.EXE 
An Overview of NetWare 5.1’s Management Portal Utility 
Taking Advantage of NetWare’s Public Key Infrastructure with Novell Certificate Server 2.0 
An Introduction to WebSphere: The Next-Generation Web Application Server 


Dec 99 464-000056-012 Building on the Power of the Directory with Novell’s digitalme Technology 
BorderManager Enterprise Edition 3.5 Implementation Tips 
Understanding BorderManager Licensing 
Taking the Pain Out of Windows NT Profiles and System Policies with Novell’s ZENworks 
Distributing Netscape Navigator 4.5 and Higher Using Novell’s ZENworks 


Nov 99 464-000056-011 Upgrading from GroupWise 5.2 to 5.5 
GroupWise 5.5 Tuning, Optimization, and Sizing Recommendations 
GroupWise and Daylight Saving Time 
GroupWise Troubleshooting Theory and Strategies 
Tools and Resources for Supporting GroupWise 


Oct 99 464-000056-010 Upgrading from GroupWise 5.2 to 5.5 
GroupWise 5.5 Tuning, Optimization, and Sizing Recommendations 
GroupWise and Daylight Saving Time 
GroupWise Troubleshooting Theory and Strategies 
Tools and Resources for Supporting GroupWise 


Sep 99 464-000056-009 What’s New in ZENworks 2 
Tips on Using the ZENworks Application Management Tool Kit 
A Disaster Recovery Strategy for Mixed NetWare 4/5 Environments 
Removing IPX from WAN Segments During an Upgrade to NetWare 5: A Case Study 


Aug 99 464-000056-008 GroupWise 5.5 Performance and Capacity Planning 
Using Novell Upgrade Wizard 3.0 
Using NDS for Secured LDAP Directory Lookups from Lotus Notes and Domino R5 
Understanding SCMD Mechanics and Processes 
Date
July 99 


Jun 99 


May 99 


Apr 99 


Mar 99 


Feb 99 


Jan 99 


Dec 98 


Nov 98 


Oct 98 
Part Number


464-000056-007 


464-000056-006 


464-000056-005 


464-000056-004 


464-000056-003 


464-000056-002 


464-000056-001 


464-000054-012 


464-000054-011 


464-000054-010 




Titles 


An Introduction to Novell’s Internet Caching System 
Integrating Thin-Client Servers with ZENworks and NDS 
Using Network Time Protocol (NTP) with NetWare 5 

Getting the Most from the Novell Support Connection Web Site 


An Introduction to Novell Small Business Suite 5 

Managing Mixed NetWare and Solaris Networks with NDS for Solaris 2.0 
Migration Strategies for Upgrading IPX and NetWare/IP Networks to Pure IP 
Managing Host Connectivity with NetWare for SAA and NDS 

Using Stack-Walking to Troubleshoot a NetWare Abend 


An Introduction to Novell Cluster Services 

Creating an Integrated Desktop Environment with NDS at CERN: A Case Study

An Overview of NetWare 5 NFS Services 

Using Seagate’s Crystal Reports 6.0 with the ManageWise Inventory Database
Integrating ManageWise Alarms with E-mail, Mobile Phone, Pager, and Fax Systems 


An Introduction to NDS for Solaris 2.0 

Upgrading an Enterprise Using the NetWare 5 Accelerated Upgrade 
Understanding the Advanced Settings in the Novell Client for Windows 95/98
Configuration Parameters for the Compatibility Mode Driver 

Reducing Abend Resolution Time with Novell’s Abend Analyzer 


NDS v8: The Future of Novell Directory Services 

Dynamically Discovering Services on an IP Network with SLP 

Using Z.E.N.works to Distribute Windows NT Service Packs 

The Novell Support Connection Forums on the Internet: 1999 Update 
The Novell Developers’ Contest 

Introducing DeveloperNet University 


An Introduction to BorderManager Enterprise Edition 3.0 

Distributing Netscape Navigator Using Novell’s Z.E.N.works 

More About Automating the NetWare 5 Installation with a Response File 
What’s New in NetWare 4.2? 

Btrieve in the NetWare Server Environment 

Migrating from NetWare/IP to NetWare 5 and Pure IP 


Using Z.E.N.works to Check Workstation Hardware for Year 2000 Compatibility 
Troubleshooting NDS in NetWare 5 with DSREPAIR and DSTRACE 

An Introduction to NDS for NT v2.0 

A Closer Look at Novell Licensing Services in NetWare 5 


Automating the NetWare 5 Installation with a Response File 
Configuring LDAP Services with NDS 
Leveraging NDS in Your Environment: A Corporate Case Study 


Novell DNS/DHCP Services: Design Issues and Troubleshooting 
Enhancements to Storage Management Services (SMS) in NetWare 5 
ZENDS Design for Large Sites: Implementing a Replicated ZEN Container 
Configuring Entrust v3.0c for NetWare 5 

BorderManager FastCache: The Power of Novell Web Server Acceleration 


BorderManager Proxy Cache Clustering: A Low-Cost Solution for High-Availability ISP Services 
BorderManager FastCache: Novell Demos 10,000 Hits-per-Second Web Server Acceleration 


Enhancements to Novell Directory Services in NetWare 5 
Using Z.E.N.works to Distribute and Manage Applications on a Network 
A Z.E.N.works-Friendly Location Independence Strategy for NetWare Networks


Assessing the Business and Technical Aspects of Public Key Infrastructure Deployment 


ManageWise 2.6: New Features and Enhancements 
Date
Sep 98 


Aug 98 


Jul 98 


Jun 98 


May 98 


Apr 98 


Mar 98 


Feb 98 


Jan 98 


Nov/ 
Dec 97 


Part Number 
464-000054-009 


464-000054-008 


464-000054-007 


464-000054-006 


464-000054-005 


464-000054-004 


464-000054-003 


464-000054-002 


464-000054-001 


464-000052-011 




Titles 


What's New in the NetWare 5 Operating System? 
Installing NetWare 5: Tips and Tricks 

Migrating to Pure IP with NetWare 5 
Compatibility Mode Installation and Configuration 
Printing in NetWare 5 with NDPS 2.0 

New Security Features in NetWare 5 


Quoi de Neuf: What’s New in NetWare 5? 

Troubleshooting Synchronization with NDS Manager 

Implementing NDS-Enabled Solutions at Clemson University, Part 2 

GroupWise 5.2 Performance Tuning and Capacity Planning 

Collecting and Interpreting NetWare 3.x and 4.x Server Statistics with STAT.NLM 

Break the Web Server Speed Limit with a Web Server Accelerator 

Using BorderManager to Improve the Quality of Service for International Access to WWW.NOVELL.COM 


Implementing NDS-Enabled Solutions at Clemson University 

Using NDS Manager’s Graphical Schema Manager Tool in NetWare 4.11 
ManageWise 2.5 Configuration and Usage Tips 

Charlotte: An Automated Tool for Measuring Internet Response Time 


An Introduction to NetWare for Small Business 4.11 

Using NDS Manager for Partition and Replica Administration 
Using Z.E.N.works to Manage Users’ Desktops 

Novell GroupWise Performance Management on Compaq Servers 


Novonyx Product Overview: Netscape Enterprise, FastTrack, and Messaging Servers for NetWare 
An Introduction to Z.E.N.works: Zero Effort Networking for Users 

Using DSREPAIR to Maintain the Novell Directory Services Database 

SQL Integrator: A Data Request Broker for Heterogeneous Data Access 


An Introduction to Novell Distributed Print Services (NDPS) 

Easing TCP/IP Network Management with Novell’s DNS/DHCP Services 

Using the Graphical SYSCON Utility in NetWare 3.2 

Using the Novell Internet Access Server (NIAS) and a Modem to Connect Your NetWare Server to 
an ISP 


Managing Mixed intraNetWare and Windows NT Networks with NDS for NT 
Maintaining IPX Compatibility During a Migration to TCP/IP on a NetWare Network 
Using the Novell Upgrade Wizard 

Network Address Translator (NAT) Theory and Troubleshooting 

Supporting PCI Hot Plug Technology in the Novell Architecture 

DeveloperNet: The Source of Opportunity for Application Developers 


What’s New in NetWare 3.2 

Accessing the Novell Support Connection Web Forums on the Internet 

Using the SAPMON Utility to Monitor SAP Traffic and Troubleshoot Network Problems 

Novell SuperLab Hosts the SuperLab Challenge 

Networking Case Study: The Novell Connecting Points Network at COMDEX/Fall ‘97 
BorderManager FastCache: Single Proxy Server Supports 67,000-Seat Network for Utah Schools 


The New Face of Networking 

Consumer Gas Company, Ltd. Migration to IntranetWare from NetWare 3.12: A Case Study 

A Practical Guide to Using Novell Application Launcher (NAL) 2.01 

Improving Novell BorderManager Scalability with Intelligent Server Adapters 

Improving Sun Web Server Performance and Scalability with BorderManager Web Server Acceleration 


Network Security for the 21st Century: Concepts and Issues 

Achieving Class C2 Security in a Network Environment 

Devising an Information Security Policy: Environment, Risk, and Assurance 
Overview of the NetWare Enhanced Security Architecture and Configuration 
Implementing Class C2 Security with NetWare 4.11 

Protecting Your Network Against Known Security Threats 

Security Issues for International Commerce 
Oct 97 464-000052-010 A Quick Guide to Web Server Acceleration
Maintaining a Healthy NDS Tree: Part 2 
Troubleshooting Server Problems Using the ABEND.LOG File and Memory Images (Core Dumps) 
Electronic Commerce: The Quest for a Global, Secure Infrastructure 


464-000052-009 Three Ways to Deliver Cached Performance to Your Intranet and Internet Users 
Novell Storage Services (NSS): Pushing IntranetWare to New Heights 
Setting Up a “Change Password Administrator” in NetWare 4 
Accessing the Internet with Eicon’s SCOM for IntranetWare Kit 


464-000052-008 Web Server Acceleration with Novell’s BorderManager: A Case Study of WWW.NOVELL.COM 
Learning and Applying the Rules of NDS Security 
Maintaining a Healthy NDS Tree: Part 1 
Using Novell Application Launcher 2.0 and snAppShot for Application Delivery 


464-000052-007 An Introduction to Java: What Non-Developers Need to Know 
Novell’s Project 2000: Meeting the Challenge of Century Compliance 
Installing the “First” NetWare/IP Server 
An Overview of Novell’s GroupWise Document Management Strategy 
Novell’s Class C2 Level Security Evaluation “For a Network” 


Jun 97 464-000052-006 Controlling Access to Open Systems with IntranetWare BorderManager 
An Introduction to Novell Replication Services 
Implementing Novell’s NT Workstation Manager 
Migrating to GroupWise from Message Handling Services 
From Paper to Electrons: Initiating Safer Electronic Commerce 


May 97 464-000052-005 Overview of Novell’s IntranetWare Client for Windows NT 
Installing the IntranetWare Client for Windows NT 
Configuring the IntranetWare Client for Windows NT 
Accessing IntranetWare Resources Using the NWGINA Logon Interface and the NetWare Provider 
Setting Up Network Printing with IntranetWare Client for Windows NT Workstation 


Apr 97 464-000052-004 Overview of Novell / Windows NT Integration Products 
Installing the NWAdmin Plug-Ins for Windows NT Workstations and Servers 
Integrating Windows NT Users and Groups into IntranetWare Using Novell Administrator for Windows NT 
Managing NT and NDS Account Information Using the Novell Workstation Manager 
Using the Novell Application Launcher with Windows NT 
Migrating to IntranetWare from LAN Server, LAN Manager, or NT Server 


Mar 97 464-000052-003 Optimizing IntranetWare 1 and 2 Server Memory 
IntranetWare Server Automated Abend Recovery 
NetWare Over TCP/IP: Integrating NetWare Services into the TCP/IP Environment 
GroupWise 5 Architecture Overview 


Feb 97 464-000052-002 Effectively Networking Windows NT with Novell’s IntranetWare 
Using the Directory Services Trace (DSTRACE) Screen 
Disconnecting NetWare Clients that Have Automatic Reconnection Enabled 
The Role of the Physical Network in Network Installation and Optimization 


Jan 97 464-000052-001 Design Rules for NDS Replica Placement 
ManageWise 2.1 Configuration and Optimization Tips 
Branch Office Deployment, Part 2: An Imaginary Branch Installation Project 
Managing the Physical Network: A Beginner’s Guide 


Dec 96 164-000050-012 Architecting a Full-Service Intranet with Novell’s IntranetWare 
Connecting to the Internet from a Novell Network 
How to Select WAN Hardware for Your Novell Product 
Capacity Planning for the IntranetWare IPX/IP Gateway 
164-000050-011


164-000050-010 


164-000050-009 


164-000050-008 


164-000050-007 


164-000050-006 


164-000050-005 


164-000050-004 


164-000050-003 


164-000050-002 


164-000050-001 
Titles


Overview of NetWare Client 32 for Windows 95 

Installing NetWare Client 32 for Windows 95 

Upgrading Windows 95 Workstations with Automatic Client Update (ACU) 
Configuring NetWare Client 32 for Windows 95 

Accessing Network Resources with the GUI Login Utility and the NetWare Provider 
Using the Novell Application Launcher (NAL) with Client 32 for Windows 95 
Setting Up Network Printing with Client 32 for Windows 95 

Troubleshooting and Optimizing NetWare Client 32 for Windows 95 


What's New in NetWare 4.11 
Migrating to NetWare 4.11 Using the Across-the-Wire Method 
Backing Up and Restoring Novell Directory Services in NetWare 4.11 


Server Maintenance: Maintaining NDS Information for a NetWare 4.11 Server During a Brief Shutdown 


Exploring the NetWare Web Server, Part 3: A Complete Innerweb Solution 
An Introduction to Novell’s IntranetWare IPX/IP Gateway 
Branch Office Deployment, Part 1: A Product Development Approach 


NetWare/IP 2.2 Implementation and Troubleshooting Guidelines 
Network Security: Determining Your Risk Index 

Choosing a LAN-based Imaging System for the Small Office Environment 
Lessons Learned While Upgrading to NetWare 4.1 


Extending ManageWise for the Challenges of the Enterprise 
Licensing and Serialization in NetWare 4.1 

A Study of Novell Directory Services Performance and Benefits 
Shaping the Infrastructure for Information Security in the 21st Century 


NetWare on One CPU Outperforms Windows NT Server on Four CPUs 
Managing Novell Directory Services Traffic Across a WAN: Part 1 

NetWare Connect Services: Your Pathway to the Global Business Village 
Business Process Re-engineering: A Turning Point in Novell’s Imaging Studies 


NetWare Client 32 for DOS/Windows: Overview of Architecture and Features 
Installing NetWare Client 32 for DOS/Windows 

Upgrading Network Client Software with Automatic Client Update (ACU) 

Using the Client 32 GUI Login Utility and the NetWare Application Manager (NAM) 
Using Novell’s NetWare User Tools (NWUSER.EXE) for Client 32 Workstations 
Setting NET.CFG Parameters with the NWSETUP Utility and Accessing Online Help 


Ten Proven Techniques to Increase NDS Performance and Reliability 

Universal Guidelines for NDS Tree Design 

Overview of NetWare Link/ATM Technology 

GroupWise Remote for the Road Warrior 

Auditing NDS Objects with AuditWare for NDS 

NDS Expert: Using NDS Checksumming to Eliminate Packet Corruption Problems 


Roaming a NetWare Network with NetWare Mobile IPX 

Interconnecting NetWare Networks with ISDN 

Exploring the NetWare Web Server: Part 2 

New Bottlenecks in LAN-based Imaging Systems 

Large NetWare Networks: Results of Compaq’s 1000-User Server Benchmark Tests 
Understanding SCANTREE.EXE’s Statistics 

Net2000: Enhancing the NetWare Platform 


Exploring the NetWare Web Server 

Inside the NetWare Server’s Packet Burst Statistics Screen 
Installing and Configuring GroupWise Remote 

Using DS Standard to Migrate Networks to NetWare 4.1 


Applying X.500 Naming Conventions to NDS 

Basic GroupWise Concepts for Support Professionals 

Using Packet Size Distributions to Uncover Hidden Network Utilization Bottlenecks 
Performance Analysis: Isolating the Real Bottleneck in a System 

Net2000: Interface and Implementation 
Dec 95 164-000047-012 Global Network Services: Novell’s Strategy for Enabling a Smart Global Network
A Look into the Future: Distributed Services and Novell’s Advanced File System 
An Inside Look at SPX Communications between RPRINTER/NPRINTER and the NetWare Print Server 
LAN-based Imaging Revisited 


164-000047-011 NetWare Link Services Protocol: An Advanced Theory of Operations 
Guidelines for Implementing NetWare/IP 
Tuning the Server Memory Calculation Worksheet 


Oct 95 164-000047-010 Integrating the NetWare Client for DOS/MS Windows (VLMs) with Windows 95 
Using TRACK and Other Console Utilities in a Mixed NetWare Environment 
MHS Services’ Role in Novell’s Messaging Strategy 
Using AppWare to Automate PerfectOffice Applications 


Sep 95 164-000047-009 An Introduction to Novell’s NetWare Client32 for Windows 95 
Overview and Benefits of Novell Embedded Systems Technology (NEST) 
Using UnixWare 2 to Set Up a Web Server: A Case Study 
Comparing Novell’s IPX-to-IP Connectivity Solutions: IP Tunneling, NetWare/IP, and IP Relay 


Aug 95 164-000047-008 Backing Up and Restoring NetWare Directory Services in NetWare 4 
SBACKUP Configuration and Usage Notes 
Troubleshooting Tips for NetWare Directory Services 


Jul 95 164-000047-007 Installing and Configuring UnixWare 2.0 
Understanding the NetWare UNIX Client (NUC) NLM 2.0 
Configuring Asynchronous Connections with the NetWare MultiProtocol Router 3.0 Software 


Jun 95 164-000047-006 Centralized Multiserver Backup over 100VG-AnyLAN Networks 
Using Novell’s NetWare User Tools (NWUSER.EXE) for MS Windows Clients 
Anatomy of a Voice Processing NLM 
ABEND Recovery Techniques for NetWare 3 and 4 


May 95 164-000047-005 The Benefits of Using Intelligent LAN Adapters in NetWare Servers 

Using the NISWD Utility to Diagnose MS Windows Workstation Problems 
Upgrading to NetWare 4.1 Across a LAN/WAN Using RCONSOLE 

Using NDS User Object Properties in NetWare 4.1 Login Scripts 


Apr 95 164-000047-004 Integrating the NetWare DOS Requester (VLMs) with Windows for Workgroups 

Importing User Information into NetWare Directory Services Using UIMPORT 

Unified Messaging: Paving the Road to Pervasive Computing 

Using NetWare/IP Over Satellite Networks 

Understanding NetWare HostPrint 1.1x 

The NetWare 4 Memory Architecture / Understanding Memory Fragmentation in NetWare Servers 
Using MONITOR to Track NetWare 4 Memory Allocation 


Mar 95 164-000047-003 Using the DSMERGE Utility in NetWare 4.1 
Support Issues for the NetWare DOS Requester (VLM) 1.2 
Black Screen of Death Explained 
NetWare Workstation Security Architecture 
What’s New in UnixWare 2 
NetWare for SAA 2.0: An Overview of Novell’s Next Generation SNA Connectivity Product 
Tuning Cache with the NetWare 4 LRU Sitting Time Statistic 


Feb 95 164-000047-002 Inside Novell’s High Capacity Storage System (HCSS) 
Resolving Critical Server Issues 
Computer Telephone Integration: Call Control vs. Voice Processing 
Wide Area Networking with Frame Relay and NetWare MultiProtocol Router 


Jan 95 164-000047-001 What’s New in NetWare 4.1 
NetWare 4.1 CIT Interoperability Testing Overview 
NetWare 4.1 Interoperability Test Configurations and Troubleshooting 
Planning an NDS Tree 
Understanding and Using NDS Objects 
164-000036-012


164-000036-011 


164-000036-010 


164-000036-009 


164-000036-008 


164-000036-007 


164-000036-006 


164-000036-005 


164-000036-004 
164-000036-003 


164-000036-002 


164-000036-001 




Titles 


NetWare IPX Routing Enhancements 

Customizing Your NetWare Link Services Protocol Routing Configuration 
Managing Basic MHS 

Printing to Network Printers in Windows 3.1 

Configuring UnixWare’s Point-to-Point Protocol (PPP) 


Characteristics of TCP/IP, IPX/SPX, and NCP Protocols Over VSAT 
NetWare Management System (NMS) Components and Functionality 
Upgrading to NetWare 4.01: A Case Study of Canadian Tire Corporation, Ltd. 


Migrating from NetWare Name Services to NetWare Directory Services 
Understanding the Role of Identification and Authentication in NetWare 4 
Managing and Using FirstMail 

Configuring NetWare Connect with TCP/IP Remote Clients 

Installing and Configuring UnixWare 1.1 


Using Novell’s CDROM.NLM to Run CD-ROM Drives as NetWare Volumes 
What’s New in NetWare 4.02 

Effectively Managing RIP and SAP Traffic with Filtering 

UnixWare 1.1 as a NetWare Client 

Troubleshooting Printing in a NetWare for Macintosh Environment 


An Introduction to Novell’s Open Security Architecture 

Using DOS Batch Files with NetWare 4 to Ease the Transition from NetWare 3 
Installing Basic MHS and FirstMail 

TUXEDO System Release 4.2.2: The Path to Reliable Client/Server Computing 
Unattended OS/2 CID Installation Using NetWare Navigator 


Configuring NetWare 4 for the Mobile User 

Key Issues Surrounding Enterprise E-Mail 

Testing Performance of NetWare SNA Remote Host Connectivity Products 

Customizing Autodiscovery Using NMS 

Records Management: Document Storage and Retrieval Challenges in an Enterprise Network 
Application of Networked Multimedia in Business and Education 


NET.CFG Parameters for the NetWare DOS Requester 1.1 

Using Network-Direct Print Devices in NetWare 4 

Compression and Suballocation in NetWare 4 

Managing the Branch Office: Part 2 

Implementing NetWare MultiProtocol Router Products in an IBM Source-Route Bridged Environment 


The Functions and Operations of the NetWare DOS Requester v1.1 

Managing the Branch Office: Part 1 

Performance Tuning NetWare Connect 1.0 

Optimizing NetWare Wide Area Networks 

NetWare Link Services Protocol: Link-State Routing in a NetWare Environment 


SPECIAL EDITION: Building and Auditing a Trusted Network Environment with NetWare 4 


An Introduction to AppWare and Visual AppBuilder 

Management Procedures for Directory Services in NetWare 4.01 
Optimizing NetWare as a Database Platform 

Providing DOS and MS Windows User Access to UNIX/NFS Files 
Ghardenstone: A Novell Methodology for Network Performance Evaluation 
A Review of Bridging and Routing Techniques 


Implementing Naming Standards for NetWare Directory Services 

Implementing and Configuring Novell/AT&T Telephony Services 

NetWare Distributed Management Services: An Integrated Approach for Managing Network ... 
Certification Programs for Networking Professionals 


Novell’s Corporate-Wide Upgrade to NetWare 4 

Upgrading to NetWare 4: The Chase Manhattan Bank’s CC and FMI Groups 
Time in the NetWare Environment 

Computer-Telephone Integration with Novell’s Telephony Services 

An Overview of Multimedia Technologies 
Dec 93 164-000032-012 Installing NetWare 3.12 from CD-ROM
Wide Area Networking with VSAT: A Customer Installation 
Workstation Memory Management: Using QEMM386, 386 To The Max, and MS-DOS 6 
IBM AS/400 Connectivity Using NetWare for SAA 1.3 in an Ethernet Environment 


Nov 93 164-000032-011 Time Synchronization in NetWare 4.x 
Designing NetWare 4.x Security 
Packet Burst Update: BNETX vs. VLM Implementations 
Multi-Segment LAN Imaging: Departmental Configuration Guidelines 


Oct 93 164-000032-010 NetWare 4.x Performance Tuning and Optimization: Part 3 
What’s New in NetWare 4.01 
NetWare 3.12 Enhancements 
Using NetWare HostPrint for AS/400 Host Printing 
Managing Memory in a DOS Workstation: Using Novell DOS 7 


Sep 93 164-000032-009 Optimizing Printing with NetWare 4.x and 3.1x 
Understanding and Using NDS Alias Objects 
NetWare Migration Utilities Part 2: The Across-the-Wire Migration Utility 
An Introduction to Network Workflow 
Migrating Ethernet Frame Types from 802.3 Raw to IEEE 802.2 
Multilingual PC Setup with DR DOS 


Aug 93 164-000032-008 NetWare for Macintosh 3.xx Printing: A Configuration Tutorial 
Exploring Hard Disk Compression 
NACS 3.0 and NetWare Access Server 1.3 Integration 


Jul 93 164-000032-007 Using NETADMIN to Create and Administer NDS Objects 

A Test Workload Analysis of LANQuest Lab’s Application Benchmark (LAB) Test Suite 
Multi-Segment LAN Imaging Implementations: Four-Segment Ethernet 

A NetWare Interface for Visual Basic 

Understanding Relational Theory 


Jun 93 164-000032-006 NetWare 4.0 Performance Tuning and Optimization: Part 2 
NetWare 4.0 Bindery Emulation: An Overview 
Bindery Emulation and NetWare for Macintosh 
NetWare Migration Utilities Part 1: The In-Place Upgrade NLM 
Administering DOS Paradox 4.0 and Paradox for Windows 1.0 on NetWare 
Virtual Server Technology and DataClub File Sharing 


May 93 164-000032-005 NetWare 4.0 Performance Tuning and Optimization: Part 1 
Tips and Techniques for Troubleshooting Drive Deactivation in NetWare 3.1x 
Imaging Test Results: Retrieval Rates on Single- and Multiple-Segment LANs 
An Introduction to Videomedia and NetWare 


Apr 93 164-000032-004 Overview of NetWare 4.0 New Features 
An Introduction to NetWare Directory Services 
Planning a NetWare 4.0 Directory Tree 
Understanding NetWare Directory Services Rights 
Planning for NetWare 4.0 Installation, Server Migration, and Coexistence 
Using the DOS Requester with NetWare 4.0 
Migrating to NetWare 4.0: An Example 


Novell Research


AppNotes. Novell's monthly technical journal covering 
various aspects of designing, implementing, managing, 
optimizing, and troubleshooting NetWare-based computing 
systems. 


Developer Notes. Novell’s monthly journal for network 
software development, published by Novell Research. This 
publication is provided to registered members of the Novell 
DeveloperNet Program. Non-members can obtain Novell 
Developer Notes on a subscription basis. 


Novell Support Connection (Technical Support) 


Web sites contain information about service accounts, patch 
lists, and technical training. 


Novell Support Connection CD 


An electronic CD infobase that provides a single source of 
support-related technical information collected from Novell
and third parties, including Novell FYIs and technical bulletins, 
press releases, additional product information, NetWare 
patches, fixes, device drivers, utilities, and diagnostic decision 
trees. Back issues of the Novell AppNotes are also included 
on the NSC CD-ROM. 


Novell Support Connection Forums 


The message forums are the place to discuss and obtain 
technical support with Novell products. Feel free to ask 
questions, respond to any forum message that interests you, or 
tell all of us about your latest adventure with your Novell 
product. If you can assist a fellow user, feel free to jump into 
the conversation. 


Novell Technical Information Documents 


The information in Technical Information Documents usually 
originates from NetWare engineers and technicians on the 
Novell support lines. 


Novell Press 


A corporate press that provides customers with technical 
information about Novell products through the retail channel. 
Novell Press books are available in bookstores worldwide. 
You may also place orders by phone or the Web. 


To order AppNotes or Developer Notes, call: 


1-800-377-4136 (U.S. & Canada) 
303-297-2725 (international) 


Or use the order form at the back of each publication. 


http://developer.novell.com/research/ 


For technical support, call 1-800-858-4000 

For pre-sales information, call 1-888-321-4272 

Or visit one of Novell’s support pages for specific areas: 
Americas: http://support.novell.com/
Africa: http://support.novell.co.za/
Asia Pacific: http://support.novell.com.au/
Europe and Middle East: http://support.novell.de/
Japan: http://support.novell.co.jp/


1-800-377-4136 (U.S. & Canada) or 303-297-2725 
(international) 


http://support.novell.com/additional/nsc-cd.htm


http://support.novell.com/pforum/ 


Novell TIDs are available on the NSC CD-ROM or from the support Web site:


http://support.novell.com/ 


For English editions, call 
1-800-434-3422 or 650-655-3021 
International customers call 
650-655-3200 
http://www.novell.com/programs/press/ 


Quick Guide to Novell Information: 
Programs and Events Resources 


Novell DeveloperNet 

Program for professional developers with resources essential to 
helping you build, optimize, certify and deliver manageable 
products and solutions for use across all of today’s popular 
platforms. 


DeveloperNet “Yes Tested and Approved” 

Novell tests and certifies third-party products for NetWare 
compatibility on a regular basis. Product test bulletins contain a 
complete report on the certified products’ test results, including 
any limitations found during testing. For your convenience, the 
bulletins also contain vendor phone numbers and addresses. 


Novell PartnerNet and Partner Passport 

Programs to support Novell’s resellers, OEMs, distributors, and 
partners. These Web sites contain valuable tools such as Novell 
advertisements, sales presentations, video presentations, and 
other resources that can be downloaded. 


NetWare Users International 

NetWare Users International is the association of Novell 
networking professionals. It is an independent, non-profit 
organization that supports NetWare user groups worldwide. 


Novell Education 
Novell Education has been providing industry-standard product 
training and certification since 1986. 


Project 2000 

Project 2000 was established to validate that Novell’s products 
are ready for the next millennium. This Web site is Novell’s 
source for information about Project 2000 and the status of 
Novell products. The site also has an E-mail subscription to 
notify subscribers of Y2K updates. 


Beta Program 
This Web site offers information on Novell beta testing. 


CNE Net 
This site is for CNEs and Master CNEs. It is a secure site and 
will prompt you for your password and PIN number. 


CNA Advantage 

CNA Advantage puts you in touch with the industry's latest 
networking solutions. If you are a CNA, you are automatically 
part of CNA Advantage. 


Novell Events 

Novell-sponsored events such as worldwide BrainShare
conferences and TechShare happen throughout the year. To 
learn more about them and when they will be in your part of 
the world, follow these links. 


1-800-REDWORD (1-800-733-9673)
801-861-5281 (fax-back system) 


Select the option for Developer Relations Program
information. You can then select options to have registration
information faxed to you from the automated fax-back
system, or to have the information mailed to you.
http://developer.novell.com/ 


More information is available on the NSC CD-ROM, from 
local Novell Sales offices or resellers, or by calling: 


1-800-NETWARE (1-800-638-9273) 


http://developer.novell.com/prodcert/ 


1-800-828-3362 
http://www.novell.com/partner/ 


http://www.novell.com/passport/


For membership information, call 1-800-228-4684 


http://www.novell.com/nui/ 


In the U.S. call 1-800-233-EDUC; international callers visit 
the Web site for country-specific contact information. 
http://education.novell.com/ 


http://www.novell.com/p2000/ 


http://support.novell.com/beta/ 


http://cnenet.novell.com/ 


http://education.novell.com/cna 


BrainShare: http://www.novell.com/events/brainshare/ 
TechShare: http://www.novell.com/techshare/


Quick Guide to Novell Information: 
Company and Products Resources 


Novell Main Web Site
Provides any additional company information you may need, as
well as a list of country-specific Web sites organized according
to geographical areas.

Corporate Web Site: http://www.novell.com/
International mirror sites: http://www.novell.com/corp/intl/


Product Information 
Novell's Web site has detailed information about its family of 
products. Listed here are a few of the direct links to the frontline 
products. 


NetWare 5: http://www.novell.com/netware5/
NDS: http://www.novell.com/products/nds/
NDS for NT: http://www.novell.com/products/nds/nds4nt/
Novell Small Business Suite 5: http://www.novell.com/products/smallbiz/
GroupWise: http://www.novell.com/groupwise/
ManageWise: http://www.novell.com/products/managewise
BorderManager: http://www.novell.com/bordermanager/
ZENworks: http://www.novell.com/products/nds/zenworks/
Product Resource Center: http://www.novell.com/products/resourcecenter/


Novell Product Documentation 
This Web site contains documentation about many of Novell's
products from NetWare to SDKs and BorderManager to
GroupWise. The documentation includes guides to installation
and administration of these products.


http://www.novell.com/documentation/


NetWare Connection 
Published monthly by NetWare Users International (NUI), the
independent professional society for NetWare user groups 
worldwide. If you are interested in starting or joining a 
NetWare user group, call or visit the Web site. 


http://www.nwconnection.com/ 

To obtain a free subscription, call or write to: 
NetWare Connection 

P.O. Box 19007 

Provo, UT 84605-9007 

1-800-228-4NUI 

801-465-4768 


Cool Solutions Communities 
Novell’s Cool Solutions sites are dedicated to providing 
information on GroupWise, NDS, and ZENworks. Here you will 
find helpful articles, downloads, manuals, programs, demos, 
and answers to your questions. 


GroupWise: http://www.novell.com/coolsolutions/gwmag/ 
NDS: http://www.novell.com/coolsolutions/nds/
ZENworks: http://www.novell.com/coolsolutions/zenworks/


Novell Customer Services 
This Web site provides links to major Novell services such as 
Education, Consulting, DeveloperNet, and Support. 


http://services.novell.com/ 


Anti-Piracy 
The Novell anti-piracy program offers information and help to 
combat reseller and end-user piracy, counterfeit activities, BBS/ 
Internet piracy, trademark/trade name infringement, and illegal 
copying of books and manuals. There are Novell anti-piracy 
telephone hotlines worldwide and information on the Web to 
help in this effort. 


http://www.novell.com/programs/piracy/ 
To learn the hotline number for your area, contact: 
North and South America: 

1-800-PIRATES (1-800-747-2837) or 801-861-7101 
Europe, Middle East and Africa: 

44 1344 724042 
Asia: 
65 296 2866 


Novell, Inc. 

Research Order Desk 

Attn: Novell Program Administration 
1601 Park Avenue West 


Denver, CO 80216-5199 
USA 


Tel. (303) 297-2725 (International) 
Tel. (800) 377-4136 (In United States) 